RSS   Vulnerabilities for 'Node quick find'   RSS

2011-04-09
 
CVE-2011-1661

CWE-264
 

 
The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_sql when presenting node titles, which allows remote attackers to bypass intended access restrictions and read potentially sensitive node titles via the autocomplete feature.

 

 >>> Vendor: Nicholas thompson 2 Products
Relevant content
Node quick find


Copyright 2024, cxsecurity.com

 

Back to Top