The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_sql when presenting node titles, which allows remote malicious users to bypass intended access restrictions and read potentially sensitive node titles via the autocomplete feature.
Vulnerable Product |
---|
nicholas_thompson node_quick_find 6.x-1.1 |