Nicholas Thompson : Security Vulnerabilities, CVEs,
The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_sql when presenting node titles, which allows remote attackers to bypass intended access restrictions and read potentially sensitive node titles via the autocomplete feature.
Max CVSS
5.0
EPSS Score
0.45%
Published
2011-04-10
Updated
2017-08-17
The Relevant Content module 5.x before 5.x-1.4 and 6.x before 6.x-1.5 for Drupal does not properly implement node access logic, which allows remote attackers to discover restricted node titles and relationships.
Max CVSS
5.0
EPSS Score
0.56%
Published
2011-03-23
Updated
2017-08-17
2 vulnerabilities found