Unrated severityNVD Advisory· Published Aug 18, 2015· Updated Jun 17, 2026
CVE-2015-5493
CVE-2015-5493
Description
The Entityform Block module 7.x-1.x before 7.x-1.3 for Drupal does not properly check permissions when a form is locked to a role, which allows remote attackers to obtain access to certain entityforms via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5cpe:2.3:a:entityform_block_project:entityform_block:7.x-1.0:*:*:*:*:drupal:*:*+ 3 more
- cpe:2.3:a:entityform_block_project:entityform_block:7.x-1.0:*:*:*:*:drupal:*:*
- cpe:2.3:a:entityform_block_project:entityform_block:7.x-1.1:*:*:*:*:drupal:*:*
- cpe:2.3:a:entityform_block_project:entityform_block:7.x-1.2:*:*:*:*:drupal:*:*
- cpe:2.3:a:entityform_block_project:entityform_block:7.x-1.x-dev:*:*:*:*:drupal:*:*
- Range: <7.x-1.3
Patches
Vulnerability mechanics
References
3- www.drupal.org/node/2483687nvdPatch
- www.drupal.org/node/2484169nvdPatchVendor Advisory
- www.openwall.com/lists/oss-security/2015/07/04/4nvd
News mentions
0No linked articles in our index yet.