Drupal Contact Forms Module Access Bypass Vulnerability

Bugtraq ID:	53441
Class:	Access Validation Error
CVE:	CVE-2012-2700 CVE-2012-2340
Remote:	Yes
Local:	No
Published:	May 09 2012 12:00AM
Updated:	Mar 19 2015 07:35AM
Credit:	Vlad D
Vulnerable:	Drupal Contact Forms 7.x-1.1
Not Vulnerable:	Drupal Contact Forms 7.x-1.3 Drupal Contact Forms 7.x-1.2

Drupal Contact Forms Module Access Bypass Vulnerability

Contact Forms module for Drupal is prone to an access bypass vulnerability.

An attacker can exploit this issue to bypass certain security restrictions and gain access to sensitive areas of application, thus perform unauthorized actions; this may aid in launching further attacks.

Contact Forms 7.x-1.x versions prior to 7.x-1.2 are vulnerable.

Drupal Contact Forms Module Access Bypass Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Drupal Contact Forms Module Access Bypass Vulnerability

Solution:
Updates are available; please see the references for more information.


Drupal Contact Forms 7.x-1.1

• Drupal contact_forms 7.x-1.3
  http://drupal.org/node/1569352

Drupal Contact Forms Module Access Bypass Vulnerability

References:

• Contact Forms Homepage (Drupal)
  
• SA-CONTRIB-2012-074 - Contact Forms - Access Bypass (Drupal)