Primary

Context

Inrove Software BiEticaret CMS Execution After Redirect Vulnerability Allowing Authentication Bypass and HTTP Response Splitting

Vulnerability

A vulnerability allowing execution after redirect (EAR), missing authentication for critical functions, has been identified in Inrove Software and Internet Services BiEticaret CMS. This vulnerability allows authentication bypass and HTTP response splitting. It affects BiEticaret CMS versions 2.1.13 through 19022026.

Impact

Exploitation of this vulnerability could lead to authentication bypass, allowing unauthorized access to critical functions, and could also be used to manipulate HTTP responses, potentially leading to further attacks.

Remediation

The vendor has not addressed this vulnerability. Users are advised to consider switching to a different application.

Added: Feb 19, 2026, 7:02 PM

Updated: Feb 19, 2026, 7:02 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

3.1

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

3.1

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Inrove Software BiEticaret CMS Execution After Redirect Vulnerability Allowing Authentication Bypass and HTTP Response Splitting

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating