Lucene search
HistoryAug 18, 2015 - 5:59 p.m.
CVE-2015-5493
cve-2015-5493
nvd
entityform block module
drupal
permissions
remote attackers
access
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.8 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
69.1%
The Entityform Block module 7.x-1.x before 7.x-1.3 for Drupal does not properly check permissions when a form is locked to a role, which allows remote attackers to obtain access to certain entityforms via unspecified vectors.
Affected configurations
Node
entityform_block_projectentityform_blockMatch7.x-1.0drupal
ORentityform_block_projectentityform_blockMatch7.x-1.1drupal
ORentityform_block_projectentityform_blockMatch7.x-1.2drupal
ORentityform_block_projectentityform_blockMatch7.x-1.x-devdrupal
Related
cvelist
cvelist
CVE-2015-5493
2015-08-18 17:00:00
prion
prion
Design/Logic Flaw
2015-08-18 17:59:00
drupal
drupal
Entityform Block - Moderately Critical - Access Bypass - SA-CONTRIB-2015-106
2015-05-06 00:00:00
nvd
nvd
CVE-2015-5493
2015-08-18 17:59:43
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.8 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
69.1%
Related for CVE-2015-5493