← Back

CVE-2013-7302

nvd nist
Published: Apr 29, 2014Modified: May 6, 2026

JSON object

Loading...
6.8
Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploitability: 8.6 / Impact: 6.4
Source: NVD

Description

Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the "Log in new customers after checkout" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID.

Affected (44)

Products: Ubercart: Ubercart
Ubercart
1 product
Ubercart
Configuration A
44 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ubercart
Ubercart
Version 6.x-2.0
Ubercart
Version 6.x-2.0 beta1
Ubercart
Version 6.x-2.0 beta2
Ubercart
Version 6.x-2.0 beta3
Ubercart
Version 6.x-2.0 beta4
Ubercart
Version 6.x-2.0 beta5
Ubercart
Version 6.x-2.0 beta6
Ubercart
Version 6.x-2.0 dev
Ubercart
Version 6.x-2.0 rc1
Ubercart
Version 6.x-2.0 rc2
Ubercart
Version 6.x-2.0 rc3
Ubercart
Version 6.x-2.0 rc4
Ubercart
Version 6.x-2.0 rc5
Ubercart
Version 6.x-2.0 rc6
Ubercart
Version 6.x-2.0 rc7
Ubercart
Version 6.x-2.10
Ubercart
Version 6.x-2.11
Ubercart
Version 6.x-2.12
Ubercart
Version 6.x-2.1
Ubercart
Version 6.x-2.2
Ubercart
Version 6.x-2.3
Ubercart
Version 6.x-2.4
Ubercart
Version 6.x-2.6
Ubercart
Version 6.x-2.7
Ubercart
Version 6.x-2.8
Ubercart
Version 6.x-2.9
Ubercart
Version 7.x-3.0
Ubercart
Version 7.x-3.0 alpha1
Ubercart
Version 7.x-3.0 alpha2
Ubercart
Version 7.x-3.0 alpha3
Ubercart
Version 7.x-3.0 beta1
Ubercart
Version 7.x-3.0 beta2
Ubercart
Version 7.x-3.0 beta3
Ubercart
Version 7.x-3.0 beta4
Ubercart
Version 7.x-3.0 dev
Ubercart
Version 7.x-3.0 rc1
Ubercart
Version 7.x-3.0 rc2
Ubercart
Version 7.x-3.0 rc3
Ubercart
Version 7.x-3.0 rc4
Ubercart
Version 7.x-3.1
Ubercart
Version 7.x-3.2
Ubercart
Version 7.x-3.3
Ubercart
Version 7.x-3.4
Ubercart
Version 7.x-3.5
Running on/withPlatform Versions
Drupal
Drupal
All versions

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (6)

Source: cve@mitre.org
Patch
Source: cve@mitre.org
Patch
Source: cve@mitre.org
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.