PT-2005-3149 · Dragonfly · Dragonfly Commerce

Credited researcher: Diabolic Crab · Published: 2005-07-12 · Updated: 2024-08-07 · CVE-2005-2220

CVSS v2.0: 5.0 (Medium) · Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Dragonfly Commerce (affected versions not specified)
Description: The issue allows remote attackers to change a product's price by modifying the `x_DragonflyCartProductPrice` hidden form field submitted to several pages, including `dc_Categorieslist.asp`, `dc_Categoriesview.asp`, `dc_productslist.asp`, and `dc_productslist_Clearance.asp`: the server takes the price from the client-supplied field instead of from its own catalogue. The vendor has disputed the issue, stating that Dragonfly Commerce does not allow editing prices or viewing client information except by authorized staff. However, SecurityTracker claims to have confirmed the problem.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
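The defect described above is a classic client-side trust problem: a price carried in a hidden form field is accepted by the server as-is. The following added example (not Dragonfly Commerce's own code, whose ASP sources are not on this page) contrasts a handler that trusts the submitted price with a hardened one that looks the price up by product id and records any disagreement as a tampering indicator. The catalogue, the `x_ProductID` and `x_Quantity` field names, and both handlers are assumptions made for the example; only the `x_DragonflyCartProductPrice` field name comes from the advisory.

```python
"""Hidden-field price tampering: vulnerable vs hardened cart handling.

Added illustration for advisory PT-2005-3149 / CVE-2005-2220. It is not
the product's code; the catalogue, handler names and the x_ProductID and
x_Quantity field names are constructed for this example.
"""
from dataclasses import dataclass
from decimal import Decimal, InvalidOperation

# Constructed server-side catalogue: the only trustworthy source of prices.
CATALOGUE = {
    "SKU-100": Decimal("49.99"),
    "SKU-200": Decimal("199.00"),
}

# Constructed form submissions as a browser would POST them.
LEGIT = {
    "x_ProductID": "SKU-200",
    "x_Quantity": "1",
    "x_DragonflyCartProductPrice": "199.00",
}
TAMPERED = {
    "x_ProductID": "SKU-200",
    "x_Quantity": "1",
    "x_DragonflyCartProductPrice": "0.01",  # hidden field edited client-side
}


@dataclass
class CartLine:
    product_id: str
    quantity: int
    unit_price: Decimal


class TamperDetected(Exception):
    """Raised when the submitted price disagrees with the catalogue."""


def add_to_cart_vulnerable(form: dict) -> CartLine:
    """Mirrors the advisory's flaw: the unit price is taken from the hidden
    field the client submitted, so whatever the client sends is charged."""
    return CartLine(
        product_id=form["x_ProductID"],
        quantity=int(form["x_Quantity"]),
        unit_price=Decimal(form["x_DragonflyCartProductPrice"]),
    )


def add_to_cart_hardened(form: dict, audit: list) -> CartLine:
    """Never trust the client for the price: resolve it from the catalogue
    by product id. The submitted field is used only as a tampering signal,
    appended to `audit` (a stand-in for the application's security log)."""
    product_id = form.get("x_ProductID", "")
    if product_id not in CATALOGUE:
        raise ValueError(f"unknown product {product_id!r}")
    try:
        quantity = int(form.get("x_Quantity", "0"))
    except ValueError:
        raise ValueError("quantity is not an integer")
    if not 1 <= quantity <= 100:
        raise ValueError("quantity out of range")

    server_price = CATALOGUE[product_id]
    submitted = form.get("x_DragonflyCartProductPrice")
    if submitted is not None:
        try:
            submitted_price = Decimal(submitted)
        except InvalidOperation:
            submitted_price = None
        if submitted_price != server_price:
            audit.append(
                f"price tamper: product={product_id} "
                f"submitted={submitted!r} catalogue={server_price}"
            )
            raise TamperDetected(product_id)
    # The price stored on the cart line is always the server's own value.
    return CartLine(product_id, quantity, server_price)


if __name__ == "__main__":
    print("vulnerable charges:", add_to_cart_vulnerable(TAMPERED).unit_price)
    log: list = []
    try:
        add_to_cart_hardened(TAMPERED, log)
    except TamperDetected as exc:
        print("hardened rejected:", exc, "| audit:", log)
```

The hardened handler does not merely ignore the client-supplied price; it compares it with the catalogue and writes a log line, which gives a detection hook for exactly the manipulation this advisory describes even before the application is patched.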

Exploit

Related Identifiers

CVE-2005-2220

Affected Products

Dragonfly Commerce