CVE-2024-13256

CVE-2024-13256: Email Contact - Moderately critical - Access bypass - SA-CONTRIB-2024-020

Vendor Drupal
Product Email Contact
Weakness CWE-1220
Published January 9, 2025
Last update January 10, 2025

CVSS base score

What the vulnerability does

01Description

Insufficient Granularity of Access Control vulnerability in Drupal Email Contact allows Forceful Browsing.This issue affects Email Contact: from 0.0.0 before 2.0.4.

Key dates

02Disclosure timeline

January 9, 2025 CVE published
January 10, 2025 Record updated