Lucene search

[email protected]CVE-2012-2340

HistoryMay 21, 2012 - 8:55 p.m.

CVE-2012-2340

2012-05-2120:55:18

CWE-264

[email protected]

web.nvd.nist.gov

cve-2012-2340

drupal

contact forms module

remote authenticated users

security vulnerability

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

6.3 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

60.2%

JSON

The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the “access the site-wide contact form” permission to modify the module settings via unspecified vectors.

Affected configurations

NVD

Node

geoff_daviescontact_formsMatch7.x-1.1

geoff_daviescontact_formsMatch7.x-1.xdev

AND

drupaldrupal

CPENameOperatorVersion
geoff_davies:contact_formsgeoff davies contact formseq7.x-1.1
geoff_davies:contact_formsgeoff davies contact formseq7.x-1.x

CPE	Name	Operator	Version
geoff_davies:contact_forms	geoff davies contact forms	eq	7.x-1.1
geoff_davies:contact_forms	geoff davies contact forms	eq	7.x-1.x

References

drupal.org/node/1569352

drupal.org/node/1569508

drupalcode.org/project/contact_forms.git/commitdiff/d11ce2b

secunia.com/advisories/49070

www.openwall.com/lists/oss-security/2012/05/10/6

www.openwall.com/lists/oss-security/2012/05/11/2

www.openwall.com/lists/oss-security/2012/06/14/3

www.openwall.com/lists/oss-security/2012/06/15/6

www.securityfocus.com/bid/53441

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

6.3 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

60.2%

JSON

Related for CVE-2012-2340

prion1 nvd2 cvelist1 drupal1 cve1