2 matches found
CVE-2005-2220
Dragonfly Commerce (Dragonfly) is affected by a vulnerability where remote attackers can modify the hidden field x_DragonflyCartProductPrice to alter product prices via several endpoints (dc_Categorieslist.asp, dc_Categoriesview.asp, dc_productslist.asp, dc_productslist_Clearance.asp). The vendor...
CVE-2005-2220
Dragonfly Commerce allows remote attackers to change a product price by modifying the xDragonflyCartProductPrice hidden field to 1 dcCategorieslist.asp, 2 dcCategoriesview.asp, 3 dcproductslist.asp, and 4 dcproductslistClearance.asp. NOTE: the vendor has disputed this issue, saying that "Dragonfl...