The WebSiteTool shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.