2007-10-06 21:00:00
mitre
PUBLISHED
deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to delete arbitrary product images via a modified ProductID parameter.