• Advisory ID: DRUPAL-SA-2008-059
• Project: Brilliant Gallery (third-party module)
• Versions: 5.x
• Date: 2008-October-1
• Security risk: Critical
• Exploitable from: Remote
• Vulnerability: SQL injection and Cross Site Scripting

Description

The Brilliant Gallery module allows users to publish photos in galleries. Two vulnerabilities were found in the module.

SQL Injection

Brilliant Gallery does not properly use the Drupal database API and inserts values from URLs directly into queries. This can be exploited to perform SQL Injection attacks. These attacks may lead to a malicious user gaining administrator access.

Moreover, the module does not properly escape text, which allows malicious users who are able to post answers to insert arbitrary HTML and scripts into a page. Wikipedia has more information about such cross site scripting (XSS) attacks.
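The two bug classes described above, shown as an added example for a Drupal 5 module. This is not Brilliant Gallery's code: the module name example_gallery, the table {example_gallery_image}, its columns, and the tag query parameter are hypothetical, and the functions assume they are called as page callbacks on a bootstrapped Drupal 5 site.

```php
<?php
// Added example; "example_gallery" and {example_gallery_image} are
// hypothetical names, not taken from the Brilliant Gallery module.

/**
 * BEFORE: the pattern the advisory describes. Values from the URL are
 * concatenated into the SQL text, and stored text is printed unescaped.
 */
function example_gallery_page_unsafe() {
  $gid = arg(2);                                   // path: example_gallery/view/<gid>
  $tag = isset($_GET['tag']) ? $_GET['tag'] : '';  // query string value
  $result = db_query("SELECT title FROM {example_gallery_image} WHERE gid = " . $gid . " AND tag = '" . $tag . "'");
  $items = array();
  while ($row = db_fetch_object($result)) {
    $items[] = $row->title;  // theme_item_list() does not escape its items
  }
  return theme('item_list', $items);
}

/**
 * AFTER: values are passed to db_query() as arguments. %d casts the value
 * to an integer and '%s' escapes it as a string, so neither can change the
 * structure of the query. Output is passed through check_plain().
 */
function example_gallery_page_safe() {
  $gid = arg(2);
  $tag = isset($_GET['tag']) ? $_GET['tag'] : '';
  if (!is_numeric($gid)) {
    // Reject malformed gallery ids instead of querying with a coerced 0.
    drupal_not_found();
    return;
  }
  $result = db_query("SELECT title FROM {example_gallery_image} WHERE gid = %d AND tag = '%s'", $gid, $tag);
  $items = array();
  while ($row = db_fetch_object($result)) {
    $items[] = check_plain($row->title);  // HTML-encode before display
  }
  return theme('item_list', $items);
}
```

When auditing other Drupal 5 modules for the same issue, look for db_query() calls whose first argument is built with string concatenation or variable interpolation rather than placeholders.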

Versions Affected

Versions of Brilliant Gallery for Drupal 5.x prior to 5.x-4.2.

Drupal core is not affected. If you do not use the Brilliant Gallery module, there is nothing you need to do.

Solution

Install the latest version. If you use Brilliant Gallery for Drupal 5.x, upgrade to Brilliant Gallery 5.x-4.2.

Also see the Brilliant Gallery project page.

Reported by

The SQL injection vulnerability was reported by Justin C. Klein Keane (Justin_KleinKeane).

Contact

The security contact for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact by selecting the security issues category.