Skip to main content

Webform Civicrm

1 CVEs product

Monthly

CVE-2012-5554 MEDIUM PATCH This Month

The default configuration for the Webform CiviCRM Integration module 7.x-3.x before 7.x-3.2 has "Enforce Permissions" disabled, which allows remote attackers to obtain contact information by reading. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Webform Civicrm
NVD
CVSS 2.0
5.0
EPSS
0.2%
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

The default configuration for the Webform CiviCRM Integration module 7.x-3.x before 7.x-3.2 has "Enforce Permissions" disabled, which allows remote attackers to obtain contact information by reading. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Webform Civicrm
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy