The default configuration for the Webform CiviCRM Integration module 7.x-3.x before 7.x-3.2 has "Enforce Permissions" disabled, which allows remote attackers to obtain contact information by reading webforms.
References
Link | Resource |
---|---|
http://drupal.org/node/1768632 | |
http://drupal.org/node/1834868 | Patch Vendor Advisory |
http://drupal.org/node/1774252 | Patch |
http://www.openwall.com/lists/oss-security/2012/11/20/4 |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2012-12-03 13:55
Updated : 2012-12-03 21:00
NVD link : CVE-2012-5554
Mitre link : CVE-2012-5554
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
coleman_watts
- webform_civicrm
drupal
- drupal