Unrated severityNVD Advisory· Published Nov 30, 2012· Updated Apr 29, 2026

CVE-2012-4471

Description

The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote attackers to disable an autocompletion or change the priority order via unspecified vectors.

Affected products

Dominique Clause/Search Autocomplete4 versions
cpe:2.3:a:dominique_clause:search_autocomplete:7.x-2.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:dominique_clause:search_autocomplete:7.x-2.0:*:*:*:*:*:*:*
- cpe:2.3:a:dominique_clause:search_autocomplete:7.x-2.1:*:*:*:*:*:*:*
- cpe:2.3:a:dominique_clause:search_autocomplete:7.x-2.3:*:*:*:*:*:*:*
- cpe:2.3:a:dominique_clause:search_autocomplete:7.x-2.x:dev:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

drupal.org/node/1649442nvdPatch
drupal.org/node/1679422nvdPatchVendor Advisory
www.openwall.com/lists/oss-security/2012/10/04/3nvd
www.securityfocus.com/bid/54379nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000