SQL injection vulnerability in pss.sale.com 1.0 via the id parameter to the userfiles/php/cancel_order.php endpoint.