Geoff Davies : Security Vulnerabilities, CVEs, CVSS score >= 3
The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" permission to modify the module settings via unspecified vectors.
Max CVSS
3.5
EPSS Score
0.22%
Published
2012-05-21
Updated
2012-06-28
1 vulnerabilities found