2007-10-07 01:00:00
mitre
PUBLISHED
deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to delete arbitrary product images via a modified ProductID parameter.