CVE-2013-7137

Name of the Vulnerable Software and Affected Versions Burden versions prior to 1.8.1

Description The issue concerns the "remember me" functionality in login.php, allowing remote attackers to bypass authentication and gain privileges. This is achieved by setting the burden user rememberme cookie to 1.

Recommendations For versions prior to 1.8.1, update to version 1.8.1 or later to resolve the issue. As a temporary workaround, consider disabling the "remember me" functionality in login.php until a patch is available. Restrict access to the login.php module to minimize the risk of exploitation. Avoid using the burden user rememberme cookie in the affected login functionality until the issue is resolved.