Unrated severityNVD Advisory· Published Apr 29, 2014· Updated Jun 17, 2026
CVE-2013-7302
CVE-2013-7302
Description
Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the "Log in new customers after checkout" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
45cpe:2.3:a:ubercart:ubercart:6.x-2.0:*:*:*:*:*:*:*+ 43 more
- cpe:2.3:a:ubercart:ubercart:6.x-2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:6.x-2.0:dev:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc5:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc6:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc7:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:6.x-2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:6.x-2.10:*:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:6.x-2.11:*:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:6.x-2.12:*:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:6.x-2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:6.x-2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:6.x-2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:6.x-2.6:*:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:6.x-2.7:*:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:6.x-2.8:*:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:6.x-2.9:*:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:7.x-3.0:*:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha2:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha3:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:7.x-3.0:dev:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:7.x-3.1:*:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:7.x-3.2:*:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:7.x-3.3:*:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:7.x-3.4:*:*:*:*:*:*:*
- cpe:2.3:a:ubercart:ubercart:7.x-3.5:*:*:*:*:*:*:*
- Range: <6.x-2.13, <7.x-3.6
Patches
Vulnerability mechanics
References
3- drupal.org/node/2158565nvdPatch
- drupal.org/node/2158567nvdPatch
- drupal.org/node/2158651nvdPatchVendor Advisory
News mentions
0No linked articles in our index yet.