BestShopPro 'str' Parameter Cross Site Scripting and SQL Injection Vulnerabilities

BestShopPro is prone to cross-site scripting and SQL-injection vulnerabilities because it fails to sufficiently sanitize user- supplied data. Exploiting these issues could allow an attacker to steal cookie- based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.