Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the "Log in new customers after checkout" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ubercart | Ubercart | 6.x-2.0 (including) | 6.x-2.0 (including) |
| Ubercart | Ubercart | 6.x-2.0-beta1 (including) | 6.x-2.0-beta1 (including) |
| Ubercart | Ubercart | 6.x-2.0-beta2 (including) | 6.x-2.0-beta2 (including) |
| Ubercart | Ubercart | 6.x-2.0-beta3 (including) | 6.x-2.0-beta3 (including) |
| Ubercart | Ubercart | 6.x-2.0-beta4 (including) | 6.x-2.0-beta4 (including) |
| Ubercart | Ubercart | 6.x-2.0-beta5 (including) | 6.x-2.0-beta5 (including) |
| Ubercart | Ubercart | 6.x-2.0-beta6 (including) | 6.x-2.0-beta6 (including) |
| Ubercart | Ubercart | 6.x-2.0-dev (including) | 6.x-2.0-dev (including) |
| Ubercart | Ubercart | 6.x-2.0-rc1 (including) | 6.x-2.0-rc1 (including) |
| Ubercart | Ubercart | 6.x-2.0-rc2 (including) | 6.x-2.0-rc2 (including) |
| Ubercart | Ubercart | 6.x-2.0-rc3 (including) | 6.x-2.0-rc3 (including) |
| Ubercart | Ubercart | 6.x-2.0-rc4 (including) | 6.x-2.0-rc4 (including) |
| Ubercart | Ubercart | 6.x-2.0-rc5 (including) | 6.x-2.0-rc5 (including) |
| Ubercart | Ubercart | 6.x-2.0-rc6 (including) | 6.x-2.0-rc6 (including) |
| Ubercart | Ubercart | 6.x-2.0-rc7 (including) | 6.x-2.0-rc7 (including) |
| Ubercart | Ubercart | 6.x-2.1 (including) | 6.x-2.1 (including) |
| Ubercart | Ubercart | 6.x-2.2 (including) | 6.x-2.2 (including) |
| Ubercart | Ubercart | 6.x-2.3 (including) | 6.x-2.3 (including) |
| Ubercart | Ubercart | 6.x-2.4 (including) | 6.x-2.4 (including) |
| Ubercart | Ubercart | 6.x-2.6 (including) | 6.x-2.6 (including) |
| Ubercart | Ubercart | 6.x-2.7 (including) | 6.x-2.7 (including) |
| Ubercart | Ubercart | 6.x-2.8 (including) | 6.x-2.8 (including) |
| Ubercart | Ubercart | 6.x-2.9 (including) | 6.x-2.9 (including) |
| Ubercart | Ubercart | 6.x-2.10 (including) | 6.x-2.10 (including) |
| Ubercart | Ubercart | 6.x-2.11 (including) | 6.x-2.11 (including) |
| Ubercart | Ubercart | 6.x-2.12 (including) | 6.x-2.12 (including) |
| Ubercart | Ubercart | 7.x-3.0 (including) | 7.x-3.0 (including) |
| Ubercart | Ubercart | 7.x-3.0-alpha1 (including) | 7.x-3.0-alpha1 (including) |
| Ubercart | Ubercart | 7.x-3.0-alpha2 (including) | 7.x-3.0-alpha2 (including) |
| Ubercart | Ubercart | 7.x-3.0-alpha3 (including) | 7.x-3.0-alpha3 (including) |
| Ubercart | Ubercart | 7.x-3.0-beta1 (including) | 7.x-3.0-beta1 (including) |
| Ubercart | Ubercart | 7.x-3.0-beta2 (including) | 7.x-3.0-beta2 (including) |
| Ubercart | Ubercart | 7.x-3.0-beta3 (including) | 7.x-3.0-beta3 (including) |
| Ubercart | Ubercart | 7.x-3.0-beta4 (including) | 7.x-3.0-beta4 (including) |
| Ubercart | Ubercart | 7.x-3.0-dev (including) | 7.x-3.0-dev (including) |
| Ubercart | Ubercart | 7.x-3.0-rc1 (including) | 7.x-3.0-rc1 (including) |
| Ubercart | Ubercart | 7.x-3.0-rc2 (including) | 7.x-3.0-rc2 (including) |
| Ubercart | Ubercart | 7.x-3.0-rc3 (including) | 7.x-3.0-rc3 (including) |
| Ubercart | Ubercart | 7.x-3.0-rc4 (including) | 7.x-3.0-rc4 (including) |
| Ubercart | Ubercart | 7.x-3.1 (including) | 7.x-3.1 (including) |
| Ubercart | Ubercart | 7.x-3.2 (including) | 7.x-3.2 (including) |
| Ubercart | Ubercart | 7.x-3.3 (including) | 7.x-3.3 (including) |
| Ubercart | Ubercart | 7.x-3.4 (including) | 7.x-3.4 (including) |
| Ubercart | Ubercart | 7.x-3.5 (including) | 7.x-3.5 (including) |