The Entityform Block module 7.x-1.x before 7.x-1.3 for Drupal does not properly check permissions when a form is locked to a role, which allows remote attackers to obtain access to certain entityforms via unspecified vectors.
CPE | Name | Operator | Version |
---|---|---|---|
entityform_block | eq | 7.120.10 | |
entityform_block | eq | 7.120.12 | |
entityform_block | eq | 7.0.0-x1-xdev | |
entityform_block | eq | 7.120.11 |