CVE-2013-7302

2014-04-29T14:38:00
ID CVE-2013-7302
Type cve
Reporter cve@mitre.org
Modified 2014-04-30T14:04:00

Description

Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the "Log in new customers after checkout" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID.