CVE-2025-13004 PUBLISHED

IDOR in Farktor Software's E-Commerce Package

Assigner: TR-CERT
Reserved: 11.11.2025 Published: 12.02.2026 Updated: 12.02.2026

Authorization Bypass Through User-Controlled Key vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Manipulating User-Controlled Variables.This issue affects E-Commerce Package: through 27112025.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L
CVSS Score: 6.3

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	Low	Integrity Impact	High
User Interaction	Required	Availability Impact	Low

CVSS 3.1

Product Status

Vendor	Farktor Software E-Commerce Services Inc.
Product	E-Commerce Package
Versions	Default: unaffected affected from 0 to 27112025 (incl.)

Credits

Berat ARSLAN finder

References

https://www.usom.gov.tr/bildirim/tr-26-0063

Problem Types

CWE-639 Authorization Bypass Through User-Controlled Key CWE

Impacts

CAPEC-77 Manipulating User-Controlled Variables