CVE-2002-0409

Name of the Vulnerable Software and Affected Versions ASP.NET example code (affected versions not specified)

Description The issue allows remote attackers to view the orders of other users by modifying the OrderID parameter in the "orderdetails.aspx" page. This page was made available to Microsoft .NET developers as example code and is demonstrated on www.ibuyspystore.com.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.