Drupal Email Contact Module Insufficient Access Control Vulnerability Allowing Forceful Browsing

Vulnerability

A vulnerability in the Drupal Email Contact module, versions 0.0.0 prior to 2.0.4, has been identified. This issue arises from insufficient granularity in access control, which allows for forceful browsing. Users may exploit this vulnerability to bypass restrictions and access content or features that should be limited or unavailable to them.

Impact

Exploitation of this vulnerability could lead to unauthorized access to restricted content or features, allowing users to browse areas of the site they should not have access to.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Drupal Email Contact Module Insufficient Access Control Vulnerability Allowing Forceful Browsing

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating