AspDotNetStorefront is reportedly prone to an access validation vulnerability that may allow a remote attacker to delete arbitrary contents from a vulnerable Web site. The issue occurs because the 'deleteicon.aspx' script does not validate access before allowing an unprivileged user to delete contents such as icons and images from the site.
Other attacks may be possible as well; however, this has not been confirmed.
AspDotNetStorefront 3.3 is reportedly affected by this issue; however, it is possible that other versions are affected as well.
AspDotNetStorefront contains a flaw that allows a remote browser-based attack. The flaw exists because the application does not validate sessions correctly. Successful exploitation requires submission of a specially crafted URL to the administrative script deleteicon.aspx. This could allow a user to delete images on the server, leading to a loss of integrity. The attacker must know or guess a Product number to succeed.
Upgrade to a version higher than 3.3, as it has been reported to fix this vulnerability. An upgrade is required because there are no known workarounds.
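Because deleteicon.aspx acts on requests without validating access, web server logs are the place to check whether it has been reached from outside the administrative network. The following is an added example, not code from the vendor or the original advisory: it scans IIS W3C extended logs for requests to the script. The admin network range, the `/admin/` path and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the networks administrators use to reach the store's admin pages.
ADMIN_NETWORKS = [ipaddress.ip_network("10.0.5.0/24")]

# Constructed sample in IIS W3C extended format (not from a real server).
# The /admin/ directory is an assumption; only the script name is from the advisory.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2005-06-10 09:12:01 10.0.5.20 GET /admin/deleteicon.aspx - 200
2005-06-10 09:14:37 203.0.113.45 GET /admin/DeleteIcon.aspx - 200
2005-06-10 09:15:02 203.0.113.45 GET /default.aspx - 200
2005-06-10 09:16:44 198.51.100.7 GET /admin/deleteicon.aspx - 302
"""

def find_suspect_deletes(log_text, admin_networks=ADMIN_NETWORKS):
    """Return (timestamp, client_ip, status) for each deleteicon.aspx request
    whose source address is outside the admin networks."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column order can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue                       # malformed or truncated row
        row = dict(zip(fields, values))
        # IIS URLs are case-insensitive, so compare in lower case.
        if not row.get("cs-uri-stem", "").lower().endswith("/deleteicon.aspx"):
            continue
        try:
            client = ipaddress.ip_address(row["c-ip"])
            inside = any(client in net for net in admin_networks)
        except (KeyError, ValueError):
            inside = False                 # unparseable source address: report it
        if not inside:
            hits.append((f"{row.get('date')} {row.get('time')}",
                         row.get("c-ip", "-"), row.get("sc-status", "-")))
    return hits

if __name__ == "__main__":
    for when, ip, status in find_suspect_deletes(SAMPLE_LOG):
        print(f"{when}  {ip}  status={status}")
```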