CVE-2013-7137
published 2014-01-26


Priority: P274 · critical 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Flags: EXPLOIT
EPSS: 16.07% (96.5th percentile)
The "remember me" functionality in login.php in Burden before 1.8.1 allows remote attackers to bypass authentication and gain privileges by setting the burden_user_rememberme cookie to 1.

Affected (1 range)

Vendor            Product   Version range   Fixed in
burden_project    burden    < 1.8.1         1.8.1

Detection & IOCs (extracted from sources)

cookie   burden_user_rememberme=1
path     /login.php
  • Detect unauthenticated HTTP requests to login.php carrying the cookie burden_user_rememberme=1; such a request indicates an authentication bypass attempt.
  • Monitor for the burden_user_rememberme cookie being set to 1 by remote, unauthenticated users, since this grants administrative privileges without valid credentials.
  • The vulnerability is fixed in Burden 1.8.1; instances running version 1.8 or earlier are vulnerable.
  • The cookie can be trivially set using browser developer tools or plugins, so exploitation requires no special tooling.
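A detection pass over web-server logs, implementing the two detection bullets above. This is an added example, not code from the page or from the Burden project. It assumes a constructed log format in which each line carries the client IP, method, path, status and the raw Cookie request header (most servers need a custom log format to record that header), and it assumes PHPSESSID as the name of the legitimate session cookie; both are assumptions. It flags requests to login.php whose cookie jar sets burden_user_rememberme=1, and separates those that arrive with no session cookie at all, where the cookie alone would be doing the authentication.

```python
import re
from dataclasses import dataclass

# Constructed sample log lines (not from the advisory). Assumed format:
#   <client_ip> <method> <path> <status> "<Cookie request header>"   ('-' = no header)
SAMPLE_LOG = """\
203.0.113.5 GET /login.php 302 "burden_user_rememberme=1"
203.0.113.6 GET /login.php 200 "PHPSESSID=9f3c1; burden_user_rememberme=1"
198.51.100.7 GET /login.php 200 "-"
198.51.100.8 POST /login.php 302 "burden_user_rememberme=0"
203.0.113.9 GET /index.php 200 "burden_user_rememberme=1"
203.0.113.10 GET /admin/login.php 302 "lang=en;burden_user_rememberme=1"
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\d{3}) "([^"]*)"$')
BYPASS_COOKIE = "burden_user_rememberme"   # IOC named in the advisory
SESSION_COOKIE = "PHPSESSID"               # assumed name of the legitimate session cookie


@dataclass
class Hit:
    client_ip: str
    path: str
    authenticated: bool   # True when a session cookie accompanied the request


def parse_cookies(header: str) -> dict:
    """Split a Cookie request header into a name -> value dict; '-' means no header."""
    jar = {}
    if header in ("", "-"):
        return jar
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            jar[name] = value
    return jar


def scan_log(text: str) -> list:
    """Every request to login.php that carries burden_user_rememberme=1."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # skip lines that do not fit the assumed format
        ip, _method, path, _status, cookie_hdr = m.groups()
        # The advisory's path IOC is login.php; match the file name at any depth so an
        # installation served from a sub-directory is still covered.
        if path.rsplit("/", 1)[-1] != "login.php":
            continue
        jar = parse_cookies(cookie_hdr)
        if jar.get(BYPASS_COOKIE) != "1":
            continue
        hits.append(Hit(ip, path, SESSION_COOKIE in jar))
    return hits


def bypass_attempts(text: str) -> list:
    """Hits with no session cookie: nothing but the remember-me cookie identifies the client."""
    return [h for h in scan_log(text) if not h.authenticated]


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        label = "session present" if h.authenticated else "UNAUTHENTICATED bypass attempt"
        print(f"{h.client_ip} {h.path}: {label}")
```

On the constructed sample the scan reports three requests carrying the cookie, two of which arrive with no session cookie and are the ones worth alerting on; the request to index.php and the one with the cookie set to 0 are ignored. On a real deployment the session cookie name and the log format are the two things to adjust.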

CVSS provenance

Source   Version   Score   Severity   Vector
nvd      v3.1      9.8     CRITICAL   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd      v2.0      7.5     HIGH       AV:N/AC:L/Au:N/C:P/I:P/A:P