Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:61115
HistoryDec 16, 2013 - 12:00 a.m.

Bitrix Site Manager用户身份欺骗漏洞

2013-12-1600:00:00
Root
www.seebug.org
74

0.007 Low

EPSS

Percentile

78.9%

JSON

CVE(CAN) ID: CVE-2013-6788

Bitrix Site Manager是一款web站点管理工具。

Bitrix Site Manager中的预购电子存储模块显示时,没能充分核查数据的真实性,远程未经认证的用户可以更改“BITRIX_SM_SALE_UID”的cookie,浏览其他用户的购物信息和执行某些操作,如添加或删除购物车中的物品。
0
Bitrix Site Manager<=12.5.13
厂商补丁:

Bitrix

升级"sale"模块到14.0.1版本,请到厂商的主页下载:
http://www.bitrixsoft.com/products/cms/versions.php?module=sale

Related

packetstorm 1
cve 1
securityvulns 2
prion 1
htbridge 1
packetstorm
packetstorm
Bitrix Site Manager 12.5.13 Insufficient Verification
2013-12-16 00:00:00
cve
cve
CVE-2013-6788
2014-05-30 14:55:00
securityvulns
securityvulns
User Identity Spoofing in Bitrix Site Manager
2014-01-09 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2014-01-09 00:00:00
prion
prion
Authentication flaw
2014-05-30 14:55:00
htbridge
htbridge
User Identity Spoofing in Bitrix Site Manager
2013-11-06 00:00:00

0.007 Low

EPSS

Percentile

78.9%

JSON
Related for SSV:61115
packetstorm1cve1securityvulns2prion1htbridge1