CVE-2012-4471

EUVD-2012-4400
The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote attackers to disable an autocompletion or change the priority order via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
Affected Products (NVD)
VendorProductVersion
dominique_clausesearch_autocomplete
7.x-2.0:x
dominique_clausesearch_autocomplete
7.x-2.1:x
dominique_clausesearch_autocomplete
7.x-2.3:x
dominique_clausesearch_autocomplete
7.x-2.x:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/1649442
http://drupal.org/node/1679422
http://www.openwall.com/lists/oss-security/2012/10/04/3
http://www.securityfocus.com/bid/54379
http://drupal.org/node/1649442
http://drupal.org/node/1679422
http://www.openwall.com/lists/oss-security/2012/10/04/3
http://www.securityfocus.com/bid/54379