CVE-2013-6788

Bitrix E-store Module < 14.0.0 - Authentication Bypass

Title source: rule

Description

The Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIX_SM_SALE_UID cookie, which makes it easier for remote attackers to guess the cookie value and bypass authentication via a brute force attack.

References (4)

[Vendor Advisory] http://www.bitrixsoft.com/products/cms/versions.php?module=sale

[Vendor Advisory] https://www.htbridge.com/advisory/HTB23183

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/63606

[Third Party Advisory] http://secunia.com/advisories/56033

Scores

EPSS 0.0043

EPSS Percentile 62.4%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

bitrix/bitrix_e-store_module < 14.0.0

Timeline

Published May 30, 2014

Tracked Since Feb 18, 2026