Node Quick Find Module for Drupal Allows Unauthorized Access to Node Titles via Autocomplete
CVE-2011-1661 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_sql when presenting node titles, which allows remote attackers to bypass intended access restrictions and read potentially sensitive node titles via the autocomplete feature.
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.