CVE-2013-7302 Information

Description

Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal when the \Log in new customers after checkout\ option is enabled allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID.

Reference

https://drupal.org/node/2158565 https://drupal.org/node/2158567 https://drupal.org/node/2158651