CVE-2011-1661

2011-04-1001:00:00

mitre

www.cve.org

AI Score

6.6

Confidence

Low

EPSS

0.005

Percentile

75.3%

JSON

The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_sql when presenting node titles, which allows remote attackers to bypass intended access restrictions and read potentially sensitive node titles via the autocomplete feature.

References

drupal.org/files/issues/db_rewrite_sql_12.patch

drupal.org/node/1080114

drupal.org/node/1118408

secunia.com/advisories/44046

www.securityfocus.com/bid/47238

exchange.xforce.ibmcloud.com/vulnerabilities/66604