Multiple SQL injection vulnerabilities in Hpecs Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields in the (a) login screen, and (3) searchstring parameter in (b) insearch_list.asp.
https://www.exploit-db.com/exploits/2782
https://exchange.xforce.ibmcloud.com/vulnerabilities/30288
https://exchange.xforce.ibmcloud.com/vulnerabilities/30287
http://www.vupen.com/english/advisories/2006/4535
http://www.securityfocus.com/archive/1/451595/100/0/threaded