Vulnerability Details CVE-2013-7302
Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the "Log in new customers after checkout" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.4%
CVSS Severity
CVSS v2 Score 6.8
References
Products affected by CVE-2013-7302
-
cpe:2.3:a:drupal:drupal:-
-
cpe:2.3:a:ubercart:ubercart:6.x-2.0
-
cpe:2.3:a:ubercart:ubercart:6.x-2.1
-
cpe:2.3:a:ubercart:ubercart:6.x-2.10
-
cpe:2.3:a:ubercart:ubercart:6.x-2.11
-
cpe:2.3:a:ubercart:ubercart:6.x-2.12
-
cpe:2.3:a:ubercart:ubercart:6.x-2.2
-
cpe:2.3:a:ubercart:ubercart:6.x-2.3
-
cpe:2.3:a:ubercart:ubercart:6.x-2.4
-
cpe:2.3:a:ubercart:ubercart:6.x-2.6
-
cpe:2.3:a:ubercart:ubercart:6.x-2.7
-
cpe:2.3:a:ubercart:ubercart:6.x-2.8
-
cpe:2.3:a:ubercart:ubercart:6.x-2.9
-
cpe:2.3:a:ubercart:ubercart:7.x-3.0
-
cpe:2.3:a:ubercart:ubercart:7.x-3.1
-
cpe:2.3:a:ubercart:ubercart:7.x-3.2
-
cpe:2.3:a:ubercart:ubercart:7.x-3.3
-
cpe:2.3:a:ubercart:ubercart:7.x-3.4
-
cpe:2.3:a:ubercart:ubercart:7.x-3.5