Drupal · Email Contact · CVE-2024-13256
**Name of the Vulnerable Software and Affected Versions**
Email Contact versions 0.0.0 through 2.0.4
**Description**
The issue is related to insufficient granularity of access control in the Email Contact module for Drupal, allowing forceful browsing. This can be exploited by a remote attacker to bypass security restrictions.
**Recommendations**
For versions 0.0.0 through 2.0.4, update to a version newer than 2.0.4 to resolve the issue.
As a temporary workaround, consider restricting access to the Email Contact module to minimize the risk of exploitation.