6.8

CVE-2013-7302

Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the "Log in new customers after checkout" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID.

Data is provided by the National Vulnerability Database (NVD)
Ubercart Ubercart Version 6.x-2.0
   Drupal Drupal Version -
Ubercart Ubercart Version 6.x-2.0 Update beta1
   Drupal Drupal Version -
Ubercart Ubercart Version 6.x-2.0 Update beta2
   Drupal Drupal Version -
Ubercart Ubercart Version 6.x-2.0 Update beta3
   Drupal Drupal Version -
Ubercart Ubercart Version 6.x-2.0 Update beta4
   Drupal Drupal Version -
Ubercart Ubercart Version 6.x-2.0 Update beta5
   Drupal Drupal Version -
Ubercart Ubercart Version 6.x-2.0 Update beta6
   Drupal Drupal Version -
Ubercart Ubercart Version 6.x-2.0 Update dev
   Drupal Drupal Version -
Ubercart Ubercart Version 6.x-2.0 Update rc1
   Drupal Drupal Version -
Ubercart Ubercart Version 6.x-2.0 Update rc2
   Drupal Drupal Version -
Ubercart Ubercart Version 6.x-2.0 Update rc3
   Drupal Drupal Version -
Ubercart Ubercart Version 6.x-2.0 Update rc4
   Drupal Drupal Version -
Ubercart Ubercart Version 6.x-2.0 Update rc5
   Drupal Drupal Version -
Ubercart Ubercart Version 6.x-2.0 Update rc6
   Drupal Drupal Version -
Ubercart Ubercart Version 6.x-2.0 Update rc7
   Drupal Drupal Version -
Ubercart Ubercart Version 6.x-2.1
   Drupal Drupal Version -
Ubercart Ubercart Version 6.x-2.2
   Drupal Drupal Version -
Ubercart Ubercart Version 6.x-2.3
   Drupal Drupal Version -
Ubercart Ubercart Version 6.x-2.4
   Drupal Drupal Version -
Ubercart Ubercart Version 6.x-2.6
   Drupal Drupal Version -
Ubercart Ubercart Version 6.x-2.7
   Drupal Drupal Version -
Ubercart Ubercart Version 6.x-2.8
   Drupal Drupal Version -
Ubercart Ubercart Version 6.x-2.9
   Drupal Drupal Version -
Ubercart Ubercart Version 6.x-2.10
   Drupal Drupal Version -
Ubercart Ubercart Version 6.x-2.11
   Drupal Drupal Version -
Ubercart Ubercart Version 6.x-2.12
   Drupal Drupal Version -
Ubercart Ubercart Version 7.x-3.0
   Drupal Drupal Version -
Ubercart Ubercart Version 7.x-3.0 Update alpha1
   Drupal Drupal Version -
Ubercart Ubercart Version 7.x-3.0 Update alpha2
   Drupal Drupal Version -
Ubercart Ubercart Version 7.x-3.0 Update alpha3
   Drupal Drupal Version -
Ubercart Ubercart Version 7.x-3.0 Update beta1
   Drupal Drupal Version -
Ubercart Ubercart Version 7.x-3.0 Update beta2
   Drupal Drupal Version -
Ubercart Ubercart Version 7.x-3.0 Update beta3
   Drupal Drupal Version -
Ubercart Ubercart Version 7.x-3.0 Update beta4
   Drupal Drupal Version -
Ubercart Ubercart Version 7.x-3.0 Update dev
   Drupal Drupal Version -
Ubercart Ubercart Version 7.x-3.0 Update rc1
   Drupal Drupal Version -
Ubercart Ubercart Version 7.x-3.0 Update rc2
   Drupal Drupal Version -
Ubercart Ubercart Version 7.x-3.0 Update rc3
   Drupal Drupal Version -
Ubercart Ubercart Version 7.x-3.0 Update rc4
   Drupal Drupal Version -
Ubercart Ubercart Version 7.x-3.1
   Drupal Drupal Version -
Ubercart Ubercart Version 7.x-3.2
   Drupal Drupal Version -
Ubercart Ubercart Version 7.x-3.3
   Drupal Drupal Version -
Ubercart Ubercart Version 7.x-3.4
   Drupal Drupal Version -
Ubercart Ubercart Version 7.x-3.5
   Drupal Drupal Version -
No CISA KEV or CERT.AT warning was found for this CVE.

EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.41% | 0.585

CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector string
nvd@nist.gov | 6.8 | 8.6 | 6.4 | AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.