CVE-2012-4471
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote attackers to disable an autocompletion or change the priority order via unspecified vectors.
El módulo de Autocompletar Búsqueda ("Search Autocomplete") v7.x-2.x antes de v7.x-2.4 para Drupal no restringe adecuadamente el acceso a la página de administración del módulo, lo que permite a atacantes remotos deshabilitar el autocompletado o cambiar el orden de prioridad a través de vectores no especificados.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-08-21 CVE Reserved
- 2012-11-30 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2012/10/04/3 | Mailing List |
|
| http://www.securityfocus.com/bid/54379 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://drupal.org/node/1649442 | 2013-01-30 | |
| http://drupal.org/node/1679422 | 2013-01-30 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Dominique Clause Search vendor "Dominique Clause" | Search Autocomplete Search vendor "Dominique Clause" for product "Search Autocomplete" | 7.x-2.0 Search vendor "Dominique Clause" for product "Search Autocomplete" and version "7.x-2.0" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Dominique Clause Search vendor "Dominique Clause" | Search Autocomplete Search vendor "Dominique Clause" for product "Search Autocomplete" | 7.x-2.1 Search vendor "Dominique Clause" for product "Search Autocomplete" and version "7.x-2.1" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Dominique Clause Search vendor "Dominique Clause" | Search Autocomplete Search vendor "Dominique Clause" for product "Search Autocomplete" | 7.x-2.3 Search vendor "Dominique Clause" for product "Search Autocomplete" and version "7.x-2.3" | - |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|
| Dominique Clause Search vendor "Dominique Clause" | Search Autocomplete Search vendor "Dominique Clause" for product "Search Autocomplete" | 7.x-2.x Search vendor "Dominique Clause" for product "Search Autocomplete" and version "7.x-2.x" | dev |
Affected
| in | Drupal Search vendor "Drupal" | Drupal Search vendor "Drupal" for product "Drupal" | - | - |
Safe
|