CVE-2012-5554 Information

Description

The default configuration for the Webform CiviCRM Integration module 7.x-3.x before 7.x-3.2 has \Enforce Permissions\ disabled which allows remote attackers to obtain contact information by reading webforms.

Reference

http://drupal.org/node/1768632 http://drupal.org/node/1774252 http://drupal.org/node/1834868 http://www.openwall.com/lists/oss-security/2012/11/20/4