An incorrect configuration of the Order Form 1.0 shopping cart CGI program could disclose private information.