Vigil@nce - Drupal Webform Component Roles: read-write access
November 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can bypass access restrictions of Drupal Webform
Component Roles, in order to alter data.
Impacted products: Drupal Modules
Severity: 2/4
Creation date: 13/11/2014
DESCRIPTION OF THE VULNERABILITY
The Webform Component Roles module can be installed on Drupal, in
order to limit editable fields in a form.
However, an attacker can bypass access restrictions to data, and
alter these fields.
An attacker can therefore bypass access restrictions of Drupal
Webform Component Roles, in order to alter data.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Drupal-Webform-Component-Roles-read-write-access-15637