CVE-2013-7137
CRITICAL
Burden < 1.8.1 - Unauthenticated Authentication Bypass via Remember Me Cookie
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2013-7137. PoCs published by High-Tech Bridge SA.
AI-analyzed exploit summary: The advisory describes an authentication bypass vulnerability in Burden 1.8, where setting the 'burden_user_rememberme' cookie to '1' grants administrative access. The exploit is trivial and requires no authentication.
Description
The "remember me" functionality in login.php in Burden before 1.8.1 allows remote attackers to bypass authentication and gain privileges by setting the burden_user_rememberme cookie to 1.
References (6)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H