CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
99.7%
This module allows you to add autocomplete functionality to virtually any fields of a Drupal site.
The module doesn’t sufficiently protect access to the module admin page. This vulnerability is mitigated by the fact that the user can only access the page, disable an autocompletion or change priority order.
CVE: CVE-2012-4471
Drupal core is not affected. If you do not use the contributed Search Autocomplete module, there is nothing you need to do.
Install the latest version:
Also see the Search Autocomplete project page.