2 matches found
CVE-2015-5493
The CVE-2015-5493 entry describes a vulnerability in the Drupal Entityform Block module (7.x-1.x before 7.x-1.3). The root cause is improper permission checks when a form is locked to a role, enabling remote attackers to obtain access to certain entityforms via unspecified vectors. Affected softw...
Entityform Block - Moderately Critical - Access Bypass - SA-CONTRIB-2015-106
This module enables you to display an entityform as a block. The module doesn't sufficiently check permissions on the entityform under scenarios where the form is locked to a certain role. CVE identifiers issued CVE-2015-5493 Versions affected Entityform Block 7.x-1.x versions prior to 7.x-1.3...