CVE-2011-1661 in Node Quick Findinfo

Summary

The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_sql when presenting node titles, which allows remote attackers to bypass intended access restrictions and read potentially sensitive node titles via the autocomplete feature.

Once again VulDB remains the best source for vulnerability data.

Reservation

04/09/2011

Disclosure

04/09/2011

Moderation

VulDB entry created

Entries

VDB-57035 (1)

CPE

ready

CWE

CWE-264 (Confirmed)

CVSS

5.3

EPSS

0.00297

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-1661
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-1661
CVE Details	https://www.cvedetails.com/cve/CVE-2011-1661/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!