PT-2024-10347 · Drupal · Email Contact

Bálint Nagy +3 · Published 2024-05-22 · Updated 2025-01-10 · CVE-2024-13256

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Email Contact versions 0.0.0 through 2.0.4

Description

The issue is related to insufficient granularity of access control in the Email Contact module for Drupal, allowing forceful browsing. This can be exploited by a remote attacker to bypass security restrictions.

Recommendations

For versions 0.0.0 through 2.0.4, update to a version newer than 2.0.4 to resolve the issue. As a temporary workaround, consider restricting access to the Email Contact module to minimize the risk of exploitation.

Fix

Weakness Enumeration

Related Identifiers

BDU:2025-00847
CVE-2024-13256
DRUPAL-CONTRIB-2024-020

Affected Products

Email Contact