CVE-2021-29350

SQL injection in the getip function in conn/function.php in ??100-???????? 1.1 allows remote attackers to inject arbitrary SQL commands via the X-Forwarded-For header to admin/product_add.php. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt