IHTML Merchant SQL Injection Vulnerability

IHTML Merchant SQL Injection Vulnerability

No exploit is required.

The following proof of concept examples are available:
http://www.example.com/merchant.ihtml?id=56&step=[SQL]
http://www.example.com/merchant.ihtml?id=[SQL]
http://www.example.com/merchant.ihtml?pid=[SQL]