High-Tech Bridge Security Research Lab discovered a vulnerability in Bitrix Site Manager version 12.5.13 that can be exploited to spoof a user's identity and read, modify or delete pre-ordered items in customer's basket.
df32b7608aa8097f5c204ce23131150794fa4c21f8a3007af5bab1d3219dd012