VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Apr 29, 2014· Updated May 6, 2026

CVE-2013-7302

CVE-2013-7302

Description

Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the "Log in new customers after checkout" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID.

Affected products

44
  • Ubercart/Ubercart44 versions
    cpe:2.3:a:ubercart:ubercart:6.x-2.0:*:*:*:*:*:*:*+ 43 more
    • cpe:2.3:a:ubercart:ubercart:6.x-2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta3:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta4:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta5:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta6:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.0:dev:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc4:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc5:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc6:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc7:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.10:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.11:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.12:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.8:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.9:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha1:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha2:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha3:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta3:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta4:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.0:dev:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc4:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.5:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.