Coleman Watts » Webform Civicrm : Security Vulnerabilities, CVEs, CVSS score >= 4
The default configuration for the Webform CiviCRM Integration module 7.x-3.x before 7.x-3.2 has "Enforce Permissions" disabled, which allows remote attackers to obtain contact information by reading webforms.
Max CVSS
5.0
EPSS Score
0.20%
Published
2012-12-03
Updated
2012-12-04
1 vulnerabilities found