The Bitrix e-Store module prior to 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIX_SM_SALE_UID cookie, which makes it easier for remote malicious users to guess the cookie value and bypass authentication via a brute force attack.
Vulnerable Product |
---|
bitrix bitrix_e-store_module |
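The weakness class described above, as an added example that is not Bitrix code: a check that flags identifiers issued in guessable sequence, next to an issuer that draws them from the OS CSPRNG. The function names and sample values are assumptions; the page does not say how the module generates the cookie or how 14.0.1 changed it.

```python
import hmac
import secrets

# Constructed sample: identifiers as a site operator might collect them
# from consecutive anonymous sessions on their own server.
SAMPLE_ISSUED = ["10431", "10432", "10433", "10435", "10436"]


def looks_sequential(values, max_step=16):
    """True when all values are decimal integers that rise by a small
    positive step, so the neighbours of any one value are guessable."""
    if len(values) < 3:
        raise ValueError("need at least 3 samples to judge")
    if not all(v.isascii() and v.isdigit() for v in values):
        return False
    nums = [int(v) for v in values]
    return all(0 < b - a <= max_step for a, b in zip(nums, nums[1:]))


def new_sale_uid(nbytes=32):
    """Hypothetical replacement issuer: 256 bits from the OS CSPRNG,
    URL-safe so it can be used directly as a cookie value."""
    return secrets.token_urlsafe(nbytes)


def uid_matches(presented, stored):
    """Compare a presented identifier with the stored one in constant time."""
    return hmac.compare_digest(presented.encode(), stored.encode())


if __name__ == "__main__":
    print("sequential sample flagged:", looks_sequential(SAMPLE_ISSUED))
    fresh = [new_sale_uid() for _ in range(5)]
    print("random sample flagged:", looks_sequential(fresh))
```

A sequential identifier can still serve as an internal database key; the point is that the value sent to the browser and trusted on return must not be derivable from its neighbours.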