CVE-2018-11373

iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter.