A troubling problem with zencart

It looked fairly convenient, but it has a troubling problem.
Take, for example, the following part of admin/products_price_manager.php:

        $db->Execute("update " . TABLE_PRODUCTS . " set
            products_price='" . zen_db_prepare_input($_POST['products_price']) . "',
            products_tax_class_id='" . zen_db_prepare_input($_POST['products_tax_class_id']) . "',
            products_date_available=" . $products_date_available . ",
            products_last_modified=now(),
            products_status='" . zen_db_prepare_input($_POST['products_status']) . "',
            products_quantity_order_min='" . zen_db_prepare_input($_POST['products_quantity_order_min']) . "',
            products_quantity_order_units='" . zen_db_prepare_input($_POST['products_quantity_order_units']) . "',
            products_quantity_order_max='" . zen_db_prepare_input($_POST['products_quantity_order_max']) . "',
            product_is_free='" . zen_db_prepare_input($_POST['product_is_free']) . "',
            product_is_call='" . zen_db_prepare_input($_POST['product_is_call']) . "',
            products_quantity_mixed='" . zen_db_prepare_input($_POST['products_quantity_mixed']) . "',
            products_priced_by_attribute='" . zen_db_prepare_input($_POST['products_priced_by_attribute']) . "',
            products_discount_type='" . zen_db_prepare_input($_POST['products_discount_type']) . "',
            products_discount_type_from='" . zen_db_prepare_input($_POST['products_discount_type_from']) . "',
            products_price_sorter='" . $products_price_sorter . "',
            master_categories_id='" . zen_db_prepare_input($master_categories_id) . "',
            products_mixed_discount_quantity='" . zen_db_prepare_input($_POST['products_mixed_discount_quantity']) . "'
            where products_id='" . $products_filter . "'");
  • Query assembly that acts as if prepared statements didn't exist
  • Everything quoted to the bitter end, int or not
  • So it leans entirely on the mysterious method zen_db_prepare_input

No wonder injections show up.
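For contrast, here is the same UPDATE written as a PDO prepared statement with typed bindings. This is an added example, not Zen Cart's own code; it assumes a PDO connection in $pdo and the application's TABLE_PRODUCTS constant, and it leaves out the computed products_date_available and products_price_sorter values, which do not come from the form.

```php
<?php
// Added example, not Zen Cart's own code: the same UPDATE as a PDO prepared
// statement with typed bindings. Assumes a PDO connection in $pdo and the
// TABLE_PRODUCTS constant already defined by the application.

// Whitelist of updatable columns and their types; column names never come
// from the request, only values do.
const PRICE_MANAGER_COLUMNS = [
    'products_price' => 'decimal', 'products_tax_class_id' => 'int',
    'products_status' => 'int', 'products_quantity_order_min' => 'decimal',
    'products_quantity_order_units' => 'decimal', 'products_quantity_order_max' => 'decimal',
    'product_is_free' => 'int', 'product_is_call' => 'int',
    'products_quantity_mixed' => 'int', 'products_priced_by_attribute' => 'int',
    'products_discount_type' => 'int', 'products_discount_type_from' => 'int',
    'products_mixed_discount_quantity' => 'int',
];

function updateProductPricing(PDO $pdo, int $productsId, array $input): int
{
    $setClauses = ['products_last_modified = now()'];
    $bindings = [];
    foreach (PRICE_MANAGER_COLUMNS as $column => $type) {
        if (!array_key_exists($column, $input)) {
            continue; // columns absent from the form keep their current value
        }
        // Validate by type instead of quoting everything as a string.
        $filter = ($type === 'int') ? FILTER_VALIDATE_INT : FILTER_VALIDATE_FLOAT;
        $value = filter_var($input[$column], $filter);
        if ($value === false) {
            throw new InvalidArgumentException("invalid value for $column");
        }
        $setClauses[] = "$column = :$column";
        $bindings[":$column"] = [$value, $type === 'int' ? PDO::PARAM_INT : PDO::PARAM_STR];
    }
    $sql = 'UPDATE ' . TABLE_PRODUCTS . ' SET ' . implode(', ', $setClauses)
         . ' WHERE products_id = :products_id';
    $stmt = $pdo->prepare($sql);
    foreach ($bindings as $name => [$value, $pdoType]) {
        $stmt->bindValue($name, $value, $pdoType);
    }
    $stmt->bindValue(':products_id', $productsId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Typical call from the form handler, with the product id taken as an int:
// updateProductPricing($pdo, (int) $products_filter, $_POST);
```

With values travelling only through placeholders and the column list fixed in code, neither the quoting nor zen_db_prepare_input is load-bearing any more.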