6.4 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
57.6%
The default configuration for the Webform CiviCRM Integration module 7.x-3.x before 7.x-3.2 has βEnforce Permissionsβ disabled, which allows remote attackers to obtain contact information by reading webforms.
drupal.org/node/1768632
drupal.org/node/1774252
drupal.org/node/1834868
www.openwall.com/lists/oss-security/2012/11/20/4