Drupal Brilliant Gallery Module Multiple Security Vulnerabilities



Brilliant Gallery Module of Drupal is prone to the following multiple security vulnerabilities:

1. An SQL-injection vulnerability
2. A cross-site request forgery vulnerability
3. A cross-site scripting vulnerability

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database or to perform certain unauthorized actions and gain access to the affected application.

Brilliant Gallery Module of Drupal versions prior to 7.x-1.10 are vulnerable.

Information

Bugtraq ID: 101578
Class: Unknown
CVE:
Remote: Yes
Local: No
Published: Oct 25 2017 12:00AM
Updated: Oct 25 2017 12:00AM
Credit: Jean-François Hovinne.
Vulnerable: Drupal Brilliant Gallery 7.x-1.4
Drupal Brilliant Gallery 7.x-1.3
Drupal Brilliant Gallery 7.x-1.2
Drupal Brilliant Gallery 7.x-1.1
Drupal Brilliant Gallery 7.x-1.0


Not Vulnerable: Drupal Brilliant Gallery 7.x-1.10


Exploit


An attacker can use a web browser to exploit these issues.


Related Posts