RSS   Vulnerabilities for 'Search autocomplete'   RSS

2012-11-30
 
CVE-2012-4471

CWE-264
 

 
The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote attackers to disable an autocompletion or change the priority order via unspecified vectors.

 
2012-09-19
 
CVE-2012-1638

CWE-89
 

 
SQL injection vulnerability in the Search Autocomplete module before 7.x-2.1 for Drupal allows remote authenticated users with the "use search_autocomplete" permission to execute arbitrary SQL commands via unspecified vectors.

 


Copyright 2024, cxsecurity.com

 

Back to Top