25 matches found
CVE-2012-1638
SQL injection vulnerability in the Search Autocomplete module before 7.x-2.1 for Drupal allows remote authenticated users with the "use searchautocomplete" permission to execute arbitrary SQL commands via unspecified vectors...
CVE-2012-1638
The CVE-2012-1638 issue affects the Drupal Search Autocomplete module (7.x) before version 7.x-2.1. The vulnerability arises because the module does not properly use Drupal’s database API, allowing a remote authenticated user with the permission "use search_autocomplete" to execute arbitrary SQL ...
SA-CONTRIB-2012-107 - Search autocomplete - Access bypass
This module allows you to add autocomplete functionality to virtually any fields of a Drupal site. The module doesn't sufficiently protect access to the module admin page. This vulnerability is mitigated by the fact that the user can only access the page, disable an autocompletion or change...
SA-CONTRIB-2012-013 - Search Autocomplete - SQL Injection
CVE: CVE-2012-1638 The Search Autocomplete module allows you to add autocomplete functionality to the search fields of a Drupal site. Search Autocomplete does not properly use Drupal's database API, making it possible for a malicious user to carryout SQL injection on the site. This vulnerability ...
WordPress Search Autocomplete Plugin <= 1.0.8 - SQL Injection
Search Autocomplete plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, alter queries to the application SQL database, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Upgrade the plugin...