[原文]Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow remote attackers to execute arbitrary SQL commands via the (1) idpages parameter to pages.php or the (2) id2 parameter to products1.php.
ESMI PayPal Storefront contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the 'idpages' variable in the pages.php script is not verified properly and will allow an attacker to inject or manipulate SQL queries.
Upgrade to ESMI PayPal Storefront 1.7.5, ESMI PayPal Digital 1.7.5, or ESMI(ES) Cart 1.5, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.