Cartman contains a flaw that may allow a malicious user to buy a product at an arbitrary price. The issue is due to insufficient checks on the price parameter. By submitting a specially crafted request, a remote attacker can purchase products at any price desired, resulting in a loss of integrity.
Currently, there are no known workarounds or upgrades to correct this issue. However, Per Magne Knutsens has released a patch to address this vulnerability.
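The class of flaw described above, shown as an added example that is not Cartman's code or the released patch: a total computed from the client-submitted price field beside a version that prices from server-side data and records any mismatch for logging. The catalog, field names (sku, qty, price) and function names are assumptions made for illustration.

```python
from decimal import Decimal, InvalidOperation

# Constructed server-side catalog: the only trusted source of prices.
CATALOG = {"sku-100": Decimal("49.95"), "sku-200": Decimal("5.00")}
MAX_QTY = 100  # assumed business limit

# Constructed request body in which the price field has been altered.
SAMPLE_ITEMS = [{"sku": "sku-100", "qty": "2", "price": "0.01"}]


class OrderRejected(Exception):
    """Raised when an order line cannot be priced safely."""


def vulnerable_total(items):
    """Flawed pattern: the total is built from the client-supplied price."""
    return sum(Decimal(i["price"]) * int(i["qty"]) for i in items)


def hardened_total(items):
    """Price every line from CATALOG; the client price is only compared.

    Returns (total, tampered_skus) so the caller can log or alert on
    requests whose submitted price differs from the catalog price.
    """
    total, tampered = Decimal("0"), []
    for item in items:
        sku = item.get("sku")
        if sku not in CATALOG:
            raise OrderRejected(f"unknown product: {sku!r}")
        try:
            qty = int(item.get("qty", ""))
        except (TypeError, ValueError):
            raise OrderRejected(f"bad quantity for {sku}")
        if not 1 <= qty <= MAX_QTY:
            raise OrderRejected(f"quantity out of range for {sku}")
        if "price" in item:
            try:
                mismatch = Decimal(str(item["price"])) != CATALOG[sku]
            except InvalidOperation:
                mismatch = True  # unparsable price is also a tamper signal
            if mismatch:
                tampered.append(sku)
        total += CATALOG[sku] * qty
    return total, tampered


if __name__ == "__main__":
    print("vulnerable:", vulnerable_total(SAMPLE_ITEMS))
    print("hardened:  ", hardened_total(SAMPLE_ITEMS))
```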