3 results (0.020 seconds)

CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0

SQL injection vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to queries. NOTE: this might be the same issue as CVE-2008-4338. Vulnerabilidad de inyección SQL en el módulo Brilliant Gallery (para Drupal) 5.x y versiones anteriores a 5.x-4.2, que permite a los atacantes remotos ejecutar arbitrariamente comandos SQL a través de vectores no especificados, en relación a preguntas. NOTA: esto debe de ser el mismo asunto que CVE-2008-4338. • http://drupal.org/node/315919 http://secunia.com/advisories/32106 http://www.securityfocus.com/bid/31554 https://exchange.xforce.ibmcloud.com/vulnerabilities/45637 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 3.5EPSS: 0%CPEs: 26EXPL: 0

Cross-site scripting (XSS) vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote authenticated users with permissions to inject arbitrary web script or HTML via unspecified vectors related to posting of answers. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados(XSS)en Brilliant Gallery v5.x y anteriores a 5.x-4.2, un modulo de Drupal que permite que usuarios remotos autenticados con permisos inyectar arbitrariamente una secuencia de comandos web o HTML a trves de vectores no especificados relacionados con la publicacion de respuestas. • http://drupal.org/node/315919 http://secunia.com/advisories/32106 http://www.securityfocus.com/bid/31554 https://exchange.xforce.ibmcloud.com/vulnerabilities/45636 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 2

SQL injection vulnerability in the brilliant_gallery_checklist_save function in the bgchecklist/save script in Brilliant Gallery 5.x and 6.x, a module for Drupal, allows remote authenticated users with "access brilliant_gallery" permissions to execute arbitrary SQL commands via the (1) nid, (2) qid, (3) state, and possibly (4) user parameters. Vulnerabilidad de inyección SQL en la función brilliant_gallery_checklist_save bgchecklist/save en el módulo para Drupal Brilliant Gallery Script v5.x y 6.x, permite a usuarios autenticados remotamente con permisos "access brilliant_gallery" ejecutar comandos SQL de su elección a través de los parámetros (1) "nid", (2) "qid", (3) "state" y posiblemente (4) "user". • http://drupal.org/node/313054 http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064662.html http://secunia.com/advisories/32015 http://securityreason.com/securityalert/4338 http://www.securityfocus.com/archive/1/496726/100/0/threaded http://www.securityfocus.com/bid/31387 https://exchange.xforce.ibmcloud.com/vulnerabilities/45411 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •