Coleman Watts: >> Webform Civicrm >> 7.x-3.x Security Vulnerabilities
The default configuration for the Webform CiviCRM Integration module 7.x-3.x before 7.x-3.2 has "Enforce Permissions" disabled, which allows remote attackers to obtain contact information by reading webforms.
CVSS Score
5.0
EPSS Score
0.002
Published
2012-12-03