BiEticaret CMS: Unsecured Access to Critical Function

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.8

BiEticaret CMS: Unsecured Access to Critical Function

CVE-2025-8350

Summary

An issue in certain versions of BiEticaret CMS makes it possible for an attacker to bypass the login process and access sensitive areas of the website without a password. This could lead to unauthorized changes or data theft. We recommend that users update to the latest version of BiEticaret CMS (2.1.14 or later) to fix this issue.

Original title

Original description

Execution After Redirect (EAR), Missing Authentication for Critical Function vulnerability in Inrove Software and Internet Services BiEticaret CMS allows Authentication Bypass, HTTP Response Splitting.This issue affects BiEticaret CMS: from 2.1.13 through 19022026.

NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

nvd CVSS3.1 9.8

Vulnerability type

CWE-306 Missing Authentication for Critical Function

CWE-698

https://www.usom.gov.tr/bildirim/tr-26-0077

Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026