VYPR
Unrated severityNVD Advisory· Published Apr 29, 2014· Updated Jun 17, 2026

CVE-2013-7302

CVE-2013-7302

Description

Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the "Log in new customers after checkout" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

45
  • Ubercart/Ubercart44 versions
    cpe:2.3:a:ubercart:ubercart:6.x-2.0:*:*:*:*:*:*:*+ 43 more
    • cpe:2.3:a:ubercart:ubercart:6.x-2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta3:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta4:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta5:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.0:beta6:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.0:dev:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc4:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc5:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc6:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.0:rc7:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.10:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.11:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.12:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.8:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:6.x-2.9:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha1:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha2:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.0:alpha3:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta3:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.0:beta4:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.0:dev:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.0:rc4:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ubercart:ubercart:7.x-3.5:*:*:*:*:*:*:*
  • Range: <6.x-2.13, <7.x-3.6

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.