Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1661

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2011-1661
Last Modified 21 Apr 2011 12:00:00
Published 09 Apr 2011 10:51:19
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-1661

Summary

The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_sql when presenting node titles, which allows remote attackers to bypass intended access restrictions and read potentially sensitive node titles via the autocomplete feature.

Vulnerable Systems

Application

  • Nicholas Thompson Node Quick Find 6.x-1.1


References

CONFIRM - http://drupal.org/node/1118408

CONFIRM - http://drupal.org/node/1080114

MISC - http://drupal.org/files/issues/db_rewrite_sql_12.patch

XF - nodequickfind-dbrewritesql-info-disc(66604)

BID - 47238

SECUNIA - 44046


Last Updated: 27 May 2016 10:56:24