Skip to main content

Search Autocomplete CVE-2012-1638

MEDIUM
SQL Injection (CWE-89)
2012-09-19 secalert@redhat.com
6.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
6.0 MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:S/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Sep 19, 2012 - 21:55 cve.org
MEDIUM 6.0

DescriptionCVE.org

SQL injection vulnerability in the Search Autocomplete module before 7.x-2.1 for Drupal allows remote authenticated users with the "use search_autocomplete" permission to execute arbitrary SQL commands via unspecified vectors.

AnalysisAI

SQL injection vulnerability in the Search Autocomplete module before 7.x-2.1 for Drupal allows remote authenticated users with the "use search_autocomplete" permission to execute arbitrary SQL. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. SQL injection vulnerability in the Search Autocomplete module before 7.x-2.1 for Drupal allows remote authenticated users with the "use search_autocomplete" permission to execute arbitrary SQL commands via unspecified vectors. Affected products include: Dominique Clause Search Autocomplete. Version information: before 7..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

Share

CVE-2012-1638 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy