SQL injection vulnerability in browse.ihtml in iHTML Merchant Mall allows remote attackers to execute arbitrary SQL commands via the (1) id, (2) store, and (3) step parameters.
http://www.vupen.com/english/advisories/2005/2968
http://secunia.com/advisories/18073
http://pridels0.blogspot.com/2005/12/ihtml-merchant-mall-sql-inj.html