CVE-2012-5588

Name of the Vulnerable Software and Affected Versions Email Field module versions 6.x-1.x before 6.x-1.3 for Drupal

Description The issue allows remote attackers to email the stored address via unspecified vectors when the field contact field formatter is set to the full or teaser display mode and a field permission module is used. This occurs due to improper permission checking.

Recommendations For Email Field module versions 6.x-1.x before 6.x-1.3, update to version 6.x-1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the field contact field formatter when set to the full or teaser display mode until the update is applied.