Lucene search

[email protected]NVD:CVE-2011-1661

HistoryApr 10, 2011 - 2:51 a.m.

CVE-2011-1661

2011-04-1002:51:19

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.005

Percentile

75.3%

JSON

The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_sql when presenting node titles, which allows remote attackers to bypass intended access restrictions and read potentially sensitive node titles via the autocomplete feature.

Affected configurations

Nvd

Node

nicholas_thompsonnode_quick_findMatch6.x-1.1

AND

drupaldrupal

VendorProductVersionCPE
nicholas_thompsonnode_quick_find6.x-1.1cpe:2.3:a:nicholas_thompson:node_quick_find:6.x-1.1:*:*:*:*:*:*:*
drupaldrupal*cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nicholas_thompson	node_quick_find	6.x-1.1	cpe:2.3:a:nicholas_thompson:node_quick_find:6.x-1.1:::::::*
drupal	drupal	*	cpe:2.3:a:drupal:drupal::::::::

References

drupal.org/files/issues/db_rewrite_sql_12.patch

drupal.org/node/1080114

drupal.org/node/1118408

secunia.com/advisories/44046

www.securityfocus.com/bid/47238

exchange.xforce.ibmcloud.com/vulnerabilities/66604

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.005

Percentile

75.3%

JSON

Related for NVD:CVE-2011-1661

prion1 cve1 cvelist1