add_2_basket.asp in Element InstantShop allows remote attackers to modify price information via the "price" hidden form variable.