Vulnerability Description
The Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIX_SM_SALE_UID cookie, which makes it easier for remote attackers to guess the cookie value and bypass authentication via a brute force attack.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitrix | Bitrix E-Store Module | <= 14.0.0 |
| Bitrix | Bitrix Site Manager | <= 12.5.13 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/56033
- http://www.bitrixsoft.com/products/cms/versions.php?module=sale (Vendor Advisory)
- http://www.securityfocus.com/bid/63606
- https://www.htbridge.com/advisory/HTB23183
FAQ
What is CVE-2013-6788?
CVE-2013-6788 is a vulnerability with a CVSS score of 7.5 (HIGH). The Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIX_SM_SALE_UID cookie, which makes it easier for remote attackers to guess the cookie value and bypas...
How severe is CVE-2013-6788?
CVE-2013-6788 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-6788?
Check the references section above for vendor advisories and patch information. Affected products include: Bitrix E-Store Module, Bitrix Site Manager.