Quote Originally Posted by Terrill_Taylor View Post
"http://www.xxxxxxx.com/index.php? action=multiple_products_add_product%3F--- --------------------------7960974498108416 42884967624%0D%0AContent-Disposition%3A+fo rm-data+and+1%3D1&sort=20a&cPath=100&+name =%22submit1.x%22%0D%0A%0D%0A1%0D%0A-----
Your host has a mod_sec rule in place to protect you from possible SQL Injection attempts, which is what's triggering a blank page and/or a 406 response when someone attempts to visit that URL.

Quote Originally Posted by YourHostingCompany
Access denied with code 406 (phase 2). Pattern match "(?:\b(?:(?:s(?:elect\b(?:.{1,100}?\b(?:(?:length|count|top)\b.{1,100}?\bfrom|fr om\b.{1,100}?\bwhere)|.*?\b(?:d(?:ump\b.*\bfrom|ata_type)|(?:to_(?:numbe|cha)|in st)r))|p_(?:(?:addextendedpro|sqlexe)c|(?:oacreat|prepar)e|execute(?:sql)?|makew ebtask)|ql_(? ..." at ARGS:name. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "83"] [id "950001"] [msg "SQL Injection Attack. Matched signature <and 1=>"] [severity "CRITICAL"]

Mod_sec is always gonna nail you on this before it gets to Zen cart which also would have done nothing with it as it scrubs the input before taking action
Mod_sec fires before Zen Cart even comes into the picture.

IMO, if SM is too technically incompetent to understand that the security systems of common webservers are providing protections before the application can ever be invoked, and are flagging you as failing because of it, then they have no business being in the security field.

If SM won't listen to *you*, then log a ticket with your hosting company for assistance, as this issue is not a Zen Cart issue.