S-Quadra Advisory #2004-03-31 - CactuShop shopping cart versions 5.x suffer from a SQL injection attack that allows for remote code execution via the MS SQL xp_cmdshell function. They also have a cross site scripting vulnerability.
d6c5fc742f5d4a4adf31b6ea32e79a6ba6bdfbf8a51f4d9d2fa1268682a60811