Dominique Clause: >> Search Autocomplete Security Vulnerabilities
The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote attackers to disable an autocompletion or change the priority order via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.003
Published
2012-11-30
SQL injection vulnerability in the Search Autocomplete module before 7.x-2.1 for Drupal allows remote authenticated users with the "use search_autocomplete" permission to execute arbitrary SQL commands via unspecified vectors.
CVSS Score
6.0
EPSS Score
0.006
Published
2012-09-19