MidnightBSD

Advisories for entityform_block_project

CVE-2015-5493 MEDIUM

The Entityform Block module 7.x-1.x before 7.x-1.3 for Drupal does not properly check permissions when a form is locked to a role, which allows remote attackers to obtain access to certain entityforms via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
entityform_block_project entityform_block 7.x-1.x-dev
entityform_block_project entityform_block 7.x-1.2
entityform_block_project entityform_block 7.x-1.0
entityform_block_project entityform_block 7.x-1.1