EUVD-2015-5448

Malware in sbrugna...

Drupal Entityform Block Module Security Bypass Vulnerability

Drupal is a free and open source content management system developed in PHP and maintained by the Drupal community.Entityform Block is one of the modules that outputs the specified Entityform which provides a solution for website surveys, contact forms as a block. A security vulnerability exists ...

CVE-2015-5493

The Entityform Block module 7.x-1.x before 7.x-1.3 for Drupal does not properly check permissions when a form is locked to a role, which allows remote attackers to obtain access to certain entityforms via unspecified vectors...

Design/Logic Flaw

The Entityform Block module 7.x-1.x before 7.x-1.3 for Drupal does not properly check permissions when a form is locked to a role, which allows remote attackers to obtain access to certain entityforms via unspecified vectors...

CVE-2015-5493

The Entityform Block module 7.x-1.x before 7.x-1.3 for Drupal does not properly check permissions when a form is locked to a role, which allows remote attackers to obtain access to certain entityforms via unspecified vectors...

CVE-2015-5493

The CVE-2015-5493 entry describes a vulnerability in the Drupal Entityform Block module (7.x-1.x before 7.x-1.3). The root cause is improper permission checks when a form is locked to a role, enabling remote attackers to obtain access to certain entityforms via unspecified vectors. Affected softw...

Entityform Block - Moderately Critical - Access Bypass - SA-CONTRIB-2015-106

This module enables you to display an entityform as a block. The module doesn't sufficiently check permissions on the entityform under scenarios where the form is locked to a certain role. CVE identifiers issued CVE-2015-5493 Versions affected Entityform Block 7.x-1.x versions prior to 7.x-1.3...