Vulnerability Description
The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote attackers to disable an autocompletion or change the priority order via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dominique Clause | Search Autocomplete | 7.x-2.0 |
| Drupal | Drupal | - |
Related Weaknesses (CWE)
References
- http://drupal.org/node/1649442Patch
- http://drupal.org/node/1679422PatchVendor Advisory
- http://www.openwall.com/lists/oss-security/2012/10/04/3
- http://www.securityfocus.com/bid/54379
- http://drupal.org/node/1649442Patch
- http://drupal.org/node/1679422PatchVendor Advisory
- http://www.openwall.com/lists/oss-security/2012/10/04/3
- http://www.securityfocus.com/bid/54379
FAQ
What is CVE-2012-4471?
CVE-2012-4471 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote attackers to disable an autocompletion or change the pr...
How severe is CVE-2012-4471?
CVE-2012-4471 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-4471?
Check the references section above for vendor advisories and patch information. Affected products include: Dominique Clause Search Autocomplete, Drupal Drupal.