phpShop versions 0.7.1 and below have a flaw where it is possible for an attacker to execute arbitrary code as the server.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/33302/phpshop_29-04-04.txt
Source: https://packetstormsecurity.com/files/33302/phpshop_29-04-04.txt.html