The default configuration for the Webform CiviCRM Integration module 7.x-3.x prior to 7.x-3.2 has "Enforce Permissions" disabled, which allows remote malicious users to obtain contact information by reading webforms.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
coleman_watts webform_civicrm 7.x-3.0 |
||
coleman_watts webform_civicrm 7.x-3.1 |
||
coleman_watts webform_civicrm 7.x-3.x |