Node Quick Find Module for Drupal Allows Unauthorized Access to Node Titles via Autocomplete

Node Quick Find Module for Drupal Allows Unauthorized Access to Node Titles via Autocomplete

CVE-2011-1661 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_sql when presenting node titles, which allows remote attackers to bypass intended access restrictions and read potentially sensitive node titles via the autocomplete feature.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.