Lucene search
HistoryOct 03, 2022 - 4:15 p.m.
CVE-2012-5554
cve-2012-5554
webform civicrm integration
security vulnerability
remote attack
contact information
nvd
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.6 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
57.7%
The default configuration for the Webform CiviCRM Integration module 7.x-3.x before 7.x-3.2 has “Enforce Permissions” disabled, which allows remote attackers to obtain contact information by reading webforms.
Affected configurations
Node
coleman_wattswebform_civicrmMatch7.x-3.0
ORcoleman_wattswebform_civicrmMatch7.x-3.0beta1
ORcoleman_wattswebform_civicrmMatch7.x-3.0beta2
ORcoleman_wattswebform_civicrmMatch7.x-3.0beta3
ORcoleman_wattswebform_civicrmMatch7.x-3.0beta4
ORcoleman_wattswebform_civicrmMatch7.x-3.0beta5
ORcoleman_wattswebform_civicrmMatch7.x-3.0rc1
ORcoleman_wattswebform_civicrmMatch7.x-3.0rc2
ORcoleman_wattswebform_civicrmMatch7.x-3.0rc3
ORcoleman_wattswebform_civicrmMatch7.x-3.0rc4
ORcoleman_wattswebform_civicrmMatch7.x-3.1
ORcoleman_wattswebform_civicrmMatch7.x-3.xdev
drupaldrupalMatch-
Related
nvd
nvd
CVE-2012-5554
2012-12-03 21:55:02
prion
prion
Default configuration
2012-12-03 21:55:00
cvelist
cvelist
CVE-2012-5554
2022-10-03 16:15:32
drupal
drupal
SA-CONTRIB-2012-161 - Webform CiviCRM Integration - Access Bypass
2012-11-07 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.6 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
57.7%
Related for CVE-2012-5554