View online: https://www.drupal.org/sa-contrib-2017-079
Project: Brilliant Gallery [1]
Version: 7.x-1.x-dev
Date: 2017-October-25
Security risk: *Highly critical* 20/25 AC:Basic/A:None/CI:All/II:All/E:Theoretical/TD:All [2]
Vulnerability: Multiple Vulnerabilities
Description: This module enables you to display any number of galleries based on images located in the files folder.
The module doesn't sufficiently sanitize various database queries which may allow attackers to craft requests resulting in an SQL injection vulnerability. This vulnerability could be exploited even by anonymous users and could potentially allow them to take over the site.
The module doesn't sufficiently confirm a user's intent to save checklist data, which allows for a cross-site request forgery (CSRF) exploit to be executed by unprivileged users.
Some configuration fields are not filtered when rendered, resulting in a cross-site scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer Brilliant Gallery".
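The three weakness classes above, shown as a Drupal 7 anti-pattern beside its hardened form. This is an added illustration, not code from the Brilliant Gallery module; the `bg_demo_*` functions, the `bg_demo_checklist` and `bg_demo_caption` variable names, and the query against `{file_managed}` are assumptions chosen for the example.

```php
<?php
// Added illustration (not Brilliant Gallery's code): each weakness the
// advisory names, as a Drupal 7 anti-pattern next to its fix.
// All bg_demo_* names and variable keys are hypothetical.

// 1. SQL injection: request input concatenated into the query text.
function bg_demo_folder_images_unsafe($folder) {
  // A crafted $folder value alters the SQL itself.
  return db_query("SELECT fid, uri FROM {file_managed} WHERE uri LIKE '%" . $folder . "%'")->fetchAll();
}
function bg_demo_folder_images_safe($folder) {
  // Placeholders keep the value out of the SQL text; db_like() escapes % and _.
  return db_query("SELECT fid, uri FROM {file_managed} WHERE uri LIKE :uri",
    array(':uri' => '%' . db_like($folder) . '%'))->fetchAll();
}

// 2. CSRF: a state-changing callback that never checks the user's intent.
function bg_demo_save_checklist_unsafe() {
  // Any page that makes the browser request this URL changes the setting.
  variable_set('bg_demo_checklist', $_GET['checklist']);
  return t('Saved');
}
function bg_demo_save_checklist_safe() {
  // Require a token minted for this user and this action (drupal_get_token()
  // on the link side); a forged request from another origin cannot supply it.
  if (empty($_GET['token']) || !drupal_valid_token($_GET['token'], 'bg_demo_checklist')) {
    return MENU_ACCESS_DENIED;
  }
  variable_set('bg_demo_checklist', $_GET['checklist']);
  return t('Saved');
}

// 3. XSS: an administrator-supplied configuration string rendered as raw HTML.
function bg_demo_caption_unsafe() {
  return '<div class="caption">' . variable_get('bg_demo_caption', '') . '</div>';
}
function bg_demo_caption_safe() {
  // check_plain() escapes the value so it is displayed as text, not markup.
  return '<div class="caption">' . check_plain(variable_get('bg_demo_caption', '')) . '</div>';
}
```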
Solution: Install the latest version:
* If you use the Brilliant Gallery module for Drupal 7, upgrade to Brilliant Gallery 7.x-1.10 [3]
Reported By:
* Jean-François Hovinne [4]
Fixed By:
* Tomas Fulopp [5], the module maintainer
Coordinated By:
* Greg Knaddison [6] of the Drupal Security Team
[1] https://www.drupal.org/project/brilliant_gallery
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/brilliant_gallery/releases/7.x-1.10
[4] https://www.drupal.org/u/jfhovinne
[5] https://www.drupal.org/u/vacilando
[6] https://www.drupal.org/u/greggles