SQL injection vulnerability in Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to execute arbitrary SQL queries via various programs including function_describe_item1.inc.php.
http://www.securityfocus.com/bid/5244
http://www.iss.net/security_center/static/9582.php