Improper access control in Email Contact - #VU89776

 


Published: May 23, 2024


Vulnerability identifier: #VU89776
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Email Contact
Software vendor: Denes.Szabo

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists because the affected module does not sufficiently handle restricted entity or field access to the mail sending form when the "Email contact link" formatter is used. A remote attacker can bypass implemented security restrictions and gain unauthorized access to sensitive information.


Remediation

Install updates from vendor's website.

External links