add_2_basket.asp in Element InstantShop allows remote attackers to modify price information via the "price" hidden form variable.Referenceshttp://marc.info/?l=bugtraq&m=97240616129614&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/5402http://www.osvdb.org/6487
