PT-2012-3402 · Drupal · Drupal Search Autocomplete
Kurt Seifried
·
Published
2012-09-19
·
Updated
2012-09-21
·
CVE-2012-1638
CVSS v2.0
6.0
Medium
| Vector | AV:N/AC:M/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Drupal Search Autocomplete module versions prior to 7.x-2.1
Description
The issue allows remote authenticated users with the "use search autocomplete" permission to execute arbitrary SQL commands.
Recommendations
For versions prior to 7.x-2.1, update to version 7.x-2.1 or later to resolve the issue.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Drupal Search Autocomplete