Based on PhpNuke and osCommerce, Php-MultiShop is an application Web server to realize an e-commerce market place. It can be used as a portal for any type of content (such as news, forums, events, etc.) and one or many independent shops. Every store will have its own Internet domain, and all the features and the personalization of a typical e-commerce site. Each can be administered in full autonomy by its own administrator.
fix for a SQL injection vulnerability
thanks to David Byrne, I've know a SQL injection ulnerability in the store-side of PHP-Multishop. It is caused by improper variable sanitizing in store/includes/multishop_functions.php called from store/login.php.
To get further details and a fix, download the package 'fix-store-sql-injection-0.1.zip' here:
Update multishop to the last oscommerce
In the Download (http://multishop.tropic.it/modules.php?name=Downloads) section of the Multishop Demo portal is available the package to update php-multishop-0.8 to the last fixes and changes released by the osCommerce team on 2005-11-13.