CVE-2012-4471

The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote attackers to disable an autocompletion or change the priority order via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
dominique_clausesearch_autocomplete
7.x-2.0:x
dominique_clausesearch_autocomplete
7.x-2.1:x
dominique_clausesearch_autocomplete
7.x-2.3:x
dominique_clausesearch_autocomplete
7.x-2.x:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/1649442
http://drupal.org/node/1679422
http://www.openwall.com/lists/oss-security/2012/10/04/3
http://www.securityfocus.com/bid/54379
http://drupal.org/node/1649442
http://drupal.org/node/1679422
http://www.openwall.com/lists/oss-security/2012/10/04/3
http://www.securityfocus.com/bid/54379