Vulnerability Details : CVE-2011-1661
The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_sql when presenting node titles, which allows remote attackers to bypass intended access restrictions and read potentially sensitive node titles via the autocomplete feature.
Exploit prediction scoring system (EPSS) score for CVE-2011-1661
Probability of exploitation activity in the next 30 days: 0.45%
Percentile (the proportion of vulnerabilities scored at or below this one): ~72%
CVSS scores for CVE-2011-1661
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST |
CWE ids for CVE-2011-1661
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1661
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66604
  Node Quick Find module for Drupal db_rewrite_sql information disclosure CVE-2011-1661 Vulnerability Report
- http://www.securityfocus.com/bid/47238
  Drupal Node Quick Find Module Information Disclosure Vulnerability
- http://drupal.org/node/1080114
  (Patch)
- http://drupal.org/files/issues/db_rewrite_sql_12.patch
  (Patch)
- http://drupal.org/node/1118408
  SA-CONTRIB-2011-016 - Node Quick Find - Information Disclosure | Drupal.org (Patch; Vendor Advisory)
Products affected by CVE-2011-1661
- cpe:2.3:a:nicholas_thompson:node_quick_find:6.x-1.1:*:*:*:*:*:*:*