SQL injection vulnerability in main_bigware_53.tpl.php in Bigware Shop 2.0 allows remote attackers to execute arbitrary SQL commands via the pollid parameter in a results action to main_bigware_53.php.
https://www.exploit-db.com/exploits/5002
https://exchange.xforce.ibmcloud.com/vulnerabilities/40010