The Make-a-Store OrderPage shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.