Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for BiEticaret CMS by Inrove Software and Internet Services

    CVE-2025-8350 (GCVE-0-2025-8350)

    Vulnerability from nvd – Published: 2026-02-19 11:30 – Updated: 2026-06-05 11:37
    VLAI
    Title
    Authentication Bypass with Redirect in BiEticaret Software's BiEticaret CMS
    Summary
    Execution After Redirect (EAR), Missing Authentication for Critical Function vulnerability in Inrove Software and Internet Services BiEticaret CMS allows Authentication Bypass, HTTP Response Splitting. This issue affects BiEticaret CMS: from 2.1.13 through 19022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-698 - Execution After Redirect (EAR)
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    Inrove Software and Internet Services BiEticaret CMS Affected: 2.1.13 , ≤ 19022026 (custom)
    Create a notification for this product.
    Date Public
    2026-02-19 11:13
    Credits
    Çetin BİNİCİ
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8350",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-20T20:35:30.169181Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-20T20:35:41.879Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "BiEticaret CMS",
              "vendor": "Inrove Software and Internet Services",
              "versions": [
                {
                  "lessThanOrEqual": "19022026",
                  "status": "affected",
                  "version": "2.1.13",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "\u00c7etin B\u0130N\u0130C\u0130"
            }
          ],
          "datePublic": "2026-02-19T11:13:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Execution After Redirect (EAR), Missing Authentication for Critical Function vulnerability in Inrove Software and Internet Services BiEticaret CMS allows Authentication Bypass, HTTP Response Splitting.\u003cp\u003eThis issue affects BiEticaret CMS: from 2.1.13 through 19022026.\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\u003c/p\u003e"
                }
              ],
              "value": "Execution After Redirect (EAR), Missing Authentication for Critical Function vulnerability in Inrove Software and Internet Services BiEticaret CMS allows Authentication Bypass, HTTP Response Splitting.\n\nThis issue affects BiEticaret CMS: from 2.1.13 through 19022026.\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            },
            {
              "capecId": "CAPEC-34",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-34 HTTP Response Splitting"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-698",
                  "description": "CWE-698 Execution After Redirect (EAR)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T11:37:46.810Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-26-0077"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0077"
            }
          ],
          "source": {
            "advisory": "TR-26-0077",
            "defect": [
              "TR-26-0077"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Authentication Bypass with Redirect in BiEticaret Software\u0027s BiEticaret CMS",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2025-8350",
        "datePublished": "2026-02-19T11:30:04.046Z",
        "dateReserved": "2025-07-30T11:43:48.488Z",
        "dateUpdated": "2026-06-05T11:37:46.810Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-8350 (GCVE-0-2025-8350)

    Vulnerability from cvelistv5 – Published: 2026-02-19 11:30 – Updated: 2026-06-05 11:37
    VLAI
    Title
    Authentication Bypass with Redirect in BiEticaret Software's BiEticaret CMS
    Summary
    Execution After Redirect (EAR), Missing Authentication for Critical Function vulnerability in Inrove Software and Internet Services BiEticaret CMS allows Authentication Bypass, HTTP Response Splitting. This issue affects BiEticaret CMS: from 2.1.13 through 19022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-698 - Execution After Redirect (EAR)
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    References
    Impacted products
    Vendor Product Version
    Inrove Software and Internet Services BiEticaret CMS Affected: 2.1.13 , ≤ 19022026 (custom)
    Create a notification for this product.
    Date Public
    2026-02-19 11:13
    Credits
    Çetin BİNİCİ
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8350",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-20T20:35:30.169181Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-20T20:35:41.879Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "BiEticaret CMS",
              "vendor": "Inrove Software and Internet Services",
              "versions": [
                {
                  "lessThanOrEqual": "19022026",
                  "status": "affected",
                  "version": "2.1.13",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "\u00c7etin B\u0130N\u0130C\u0130"
            }
          ],
          "datePublic": "2026-02-19T11:13:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Execution After Redirect (EAR), Missing Authentication for Critical Function vulnerability in Inrove Software and Internet Services BiEticaret CMS allows Authentication Bypass, HTTP Response Splitting.\u003cp\u003eThis issue affects BiEticaret CMS: from 2.1.13 through 19022026.\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\n\u003c/p\u003e"
                }
              ],
              "value": "Execution After Redirect (EAR), Missing Authentication for Critical Function vulnerability in Inrove Software and Internet Services BiEticaret CMS allows Authentication Bypass, HTTP Response Splitting.\n\nThis issue affects BiEticaret CMS: from 2.1.13 through 19022026.\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            },
            {
              "capecId": "CAPEC-34",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-34 HTTP Response Splitting"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-698",
                  "description": "CWE-698 Execution After Redirect (EAR)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T11:37:46.810Z",
            "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
            "shortName": "TR-CERT"
          },
          "references": [
            {
              "tags": [
                "government-resource",
                "broken-link"
              ],
              "url": "https://www.usom.gov.tr/bildirim/tr-26-0077"
            },
            {
              "tags": [
                "government-resource"
              ],
              "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0077"
            }
          ],
          "source": {
            "advisory": "TR-26-0077",
            "defect": [
              "TR-26-0077"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Authentication Bypass with Redirect in BiEticaret Software\u0027s BiEticaret CMS",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "assignerShortName": "TR-CERT",
        "cveId": "CVE-2025-8350",
        "datePublished": "2026-02-19T11:30:04.046Z",
        "dateReserved": "2025-07-30T11:43:48.488Z",
        "dateUpdated": "2026-06-05T11:37:46.810Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }