The @Retail shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
CVSS Metrics
