CVE-2000-1001

add_2_basket.asp in Element InstantShop allows remote attackers to modify price information via the "price" hidden form variable.