MidnightBSD

Advisories for geoff_davies

CVE-2012-2340 LOW

The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" permission to modify the module settings via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
geoff_davies contact_forms 7.x-1.1
geoff_davies contact_forms 7.x-1.x