Lucene search

RedhatCVELIST:CVE-2012-1638

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-1638

2022-10-0316:15:26

redhat

www.cve.org

sql injection

drupal

search autocomplete

cve-2012-1638

vulnerability

7.9 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

66.0%

JSON

SQL injection vulnerability in the Search Autocomplete module before 7.x-2.1 for Drupal allows remote authenticated users with the “use search_autocomplete” permission to execute arbitrary SQL commands via unspecified vectors.

References

drupal.org/node/1410674

drupal.org/node/1416612

drupalcode.org/project/search_autocomplete.git/commit/589e8f6

secunia.com/advisories/47731

www.openwall.com/lists/oss-security/2012/04/07/1

www.securityfocus.com/bid/51667