Public CVE-2000-1000 disclosure

add_2_basket.asp in Element InstantShop allows remote attackers to modify price information via the "price" hidden form variable.