SQL injection vulnerability in pokaz_podkat.php in BestShopPro allows remote attackers to execute arbitrary SQL commands via the str parameter.

References
http://www.exploit-db.com/exploits/18063