Ayastar

**Name of the Vulnerable Software and Affected Versions** Photocrati theme versions 4.x **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `prod id` parameter in the ecomm-sizes.php file. **Recommendations** For Photocrati theme version 4.x, consider restricting access to the ecomm-sizes.php file until a patch is available, and avoid using the `prod id` parameter in the affected endpoint.