[Security-news] Brilliant Gallery - Highly critical - Multiple Vulnerabilities - SA-CONTRIB-2017-079

security-news at drupal.org
Wed Oct 25 16:42:33 UTC 2017


View online: https://www.drupal.org/sa-contrib-2017-079

Project: Brilliant Gallery [1]
Version: 7.x-1.x-dev
Date: 2017-October-25
Security risk: *Highly critical* 20∕25
AC:Basic/A:None/CI:All/II:All/E:Theoretical/TD:All [2]
Vulnerability: Multiple Vulnerabilities

Description: 
This module enables you to display any number of galleries based on images
located in the files folder.

The module doesn't sufficiently sanitize various database queries which may
allow attackers to craft requests resulting in an SQL injection
vulnerability. This vulnerability could be exploited even by anonymous users
and could potentially allow them to take over the site.

The module doesn't sufficiently confirm a user's intent to save checklist
data, which allows for a cross-site request forgery (CSRF) exploit to be
executed by unprivileged users.

Some configuration fields are not filtered when rendered, resulting in a
cross-site scripting (XSS) vulnerability. This vulnerability is mitigated by
the fact that an attacker must have a role with the permission "Administer
Brilliant Gallery".
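The three weaknesses above (unparameterized queries, a state-changing callback with no intent check, and a setting echoed unescaped) each map to a standard Drupal 7 API pattern. The following is an added illustration written for this advisory; it is not code from the Brilliant Gallery module or from its maintainer, and every function, table, path and variable name prefixed `hypothetical_` is invented. It shows the unsafe form of each pattern beside the form that the Drupal 7 database, token and output-escaping APIs provide.

```php
<?php
// Added illustration, not code from the Brilliant Gallery module. All names
// prefixed "hypothetical_" (functions, paths, the variable_get() key) are
// invented; only the Drupal 7 core API calls are real.

/**
 * SQL injection: a string-concatenated query (unsafe) beside the
 * placeholder-based equivalent (safe).
 */
function hypothetical_gallery_images_unsafe($folder) {
  // Untrusted input is spliced into the SQL text, so a crafted $folder
  // changes the statement that runs rather than just the value compared.
  $sql = "SELECT fid, filename FROM {file_managed} WHERE uri LIKE '" . $folder . "%'";
  return db_query($sql)->fetchAll();
}

function hypothetical_gallery_images_safe($folder) {
  // Named placeholders are bound by the database layer: $folder can only ever
  // be a value, never SQL. db_like() additionally escapes LIKE wildcards.
  return db_query(
    'SELECT fid, filename FROM {file_managed} WHERE uri LIKE :prefix',
    array(':prefix' => db_like($folder) . '%')
  )->fetchAll();
}

/**
 * CSRF: a callback that saves data must prove the request came from a page
 * this site served to this user. Drupal 7's Form API adds and checks a token
 * automatically; a plain menu callback reached by a link has to do it itself.
 */
function hypothetical_gallery_save_link($gallery_id) {
  // Issue a token bound to this action and this gallery id.
  $token = drupal_get_token('hypothetical_gallery_save_' . $gallery_id);
  return l(t('Save checklist'), 'hypothetical-gallery/save/' . $gallery_id,
    array('query' => array('token' => $token)));
}

function hypothetical_gallery_save_callback($gallery_id) {
  // Refuse the request unless the token matches the one issued to this
  // session for this exact action (drupal_valid_token() ties the token to the
  // session id and the site's private key).
  if (empty($_GET['token']) ||
      !drupal_valid_token($_GET['token'], 'hypothetical_gallery_save_' . $gallery_id)) {
    return MENU_ACCESS_DENIED;
  }
  // Only after the check passes is the checklist data persisted.
  variable_set('hypothetical_gallery_checklist_' . $gallery_id, REQUEST_TIME);
  drupal_set_message(t('Checklist saved.'));
  drupal_goto('hypothetical-gallery/' . $gallery_id);
}

/**
 * XSS: a stored configuration value rendered verbatim (unsafe) beside the
 * same value escaped at output time (safe).
 */
function hypothetical_gallery_caption_unsafe() {
  // Whatever was typed into the setting is emitted as raw HTML.
  return '<div class="caption">' . variable_get('hypothetical_gallery_caption', '') . '</div>';
}

function hypothetical_gallery_caption_safe() {
  // check_plain() turns <, >, &, " into entities so the value renders as text;
  // t() with an @-placeholder applies the same escaping for translatable strings.
  $caption = check_plain(variable_get('hypothetical_gallery_caption', ''));
  return '<div class="caption">' . $caption . '</div>';
}
```

The escaping in the XSS case belongs at output, not at save time: storing the raw value and escaping once when it is rendered avoids double-encoding and keeps the administrator's original text intact. The CSRF token check is what the advisory means by "confirm a user's intent"; without it, any page the user visits can trigger the save path with a forged request.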

Solution: 
Install the latest version:

   * If you use the Brilliant Gallery module for Drupal 7, upgrade to
     Brilliant Gallery 7.x-1.10 [3]

Reported By: 
   * Jean-François Hovinne [4]

Fixed By: 
   * Tomas Fulopp [5], the module maintainer

Coordinated By: 
   * Greg Knaddison [6] of the Drupal Security Team


[1] https://www.drupal.org/project/brilliant_gallery
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/brilliant_gallery/releases/7.x-1.10
[4] https://www.drupal.org/u/jfhovinne
[5] https://www.drupal.org/u/vacilando
[6] https://www.drupal.org/u/greggles


