SQL injection vulnerability in item.asp in WarHound General Shopping Cart allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.