Lucene search

[email protected]CVE-2011-1661

HistoryApr 10, 2011 - 2:51 a.m.

CVE-2011-1661

2011-04-1002:51:19

CWE-264

[email protected]

web.nvd.nist.gov

cve-2011-1661

node quick find

drupal

access restrictions

remote attackers

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.3%

JSON

The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_sql when presenting node titles, which allows remote attackers to bypass intended access restrictions and read potentially sensitive node titles via the autocomplete feature.

Affected configurations

NVD

Node

nicholas_thompsonnode_quick_findMatch6.x-1.1

AND

drupaldrupal

CPENameOperatorVersion
nicholas_thompson:node_quick_findnicholas thompson node quick findeq6.x-1.1

CPE	Name	Operator	Version
nicholas_thompson:node_quick_find	nicholas thompson node quick find	eq	6.x-1.1

References

drupal.org/files/issues/db_rewrite_sql_12.patch

drupal.org/node/1080114

drupal.org/node/1118408

secunia.com/advisories/44046

www.securityfocus.com/bid/47238

exchange.xforce.ibmcloud.com/vulnerabilities/66604

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.8 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.3%

JSON

Related for CVE-2011-1661

prion1 cvelist1 nvd1