CVE-2013-6788 Information

Description

The Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIX_SM_SALE_UID cookie which makes it easier for remote attackers to guess the cookie value and bypass authentication via a brute force attack.

Reference

http://secunia.com/advisories/56033 http://www.bitrixsoft.com/products/cms/versions.php?module=sale http://www.securityfocus.com/bid/63606 https://www.htbridge.com/advisory/HTB23183