VYPR
Unrated severityNVD Advisory· Published May 21, 2012· Updated Jun 16, 2026

CVE-2012-2340

CVE-2012-2340

Description

The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" permission to modify the module settings via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • cpe:2.3:a:geoff_davies:contact_forms:7.x-1.1:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:geoff_davies:contact_forms:7.x-1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:geoff_davies:contact_forms:7.x-1.x:dev:*:*:*:*:*:*
  • Range: <7.x-1.2

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.