iScripts eSwap v2.4 has SQL injection via the "registration_settings.php" ddlFree parameter in the Admin Panel.Referenceshttps://pastebin.com/UDEsFq3u
