My company has pap3 installed on a server. I did some tests from my home computer, and was able to notify the system about new sales. I did it by faking a cookie and sending a GET to sale.php.
Can something be done to prevent this? It is a serious security breach.

Thank you.