Lucene search
PRIOn knowledge basePRION:CVE-2012-2340HistoryMay 21, 2012 - 8:55 p.m.
Design/Logic Flaw
2012-05-2120:55:00
PRIOn knowledge base
www.prio-n.com
1
The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the “access the site-wide contact form” permission to modify the module settings via unspecified vectors.
| CPE | Name | Operator | Version |
|---|---|---|---|
| contact_forms | eq | 7.120.11 | |
| contact_forms | eq | 7.x-1.x dev |
References
drupalcode.org/project/contact_forms.git/commitdiff/d11ce2b
secunia.com/advisories/49070
www.openwall.com/lists/oss-security/2012/05/10/6
www.openwall.com/lists/oss-security/2012/05/11/2
www.openwall.com/lists/oss-security/2012/06/14/3
www.openwall.com/lists/oss-security/2012/06/15/6
www.securityfocus.com/bid/53441
drupal.org/node/1569352
drupal.org/node/1569508
Related
nvd
nvd
CVE-2012-2340
2012-05-21 20:55:18
CVE-2012-2700
2012-06-27 00:55:01
drupal
drupal
SA-CONTRIB-2012-074 - Contact Forms - Access Bypass
2012-05-09 00:00:00
cvelist
cvelist
CVE-2012-2340
2012-05-21 20:00:00
cve
cve
CVE-2012-2340
2012-05-21 20:55:18
CVE-2012-2700
2022-10-03 16:15:35