Description
SQL injection vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to queries. NOTE: this might be the same issue as CVE-2008-4338.
References (4)
Core 4
Core References
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32106
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45637
Patch x_refsource_confirm
http://drupal.org/node/315919
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/31554
Scores
EPSS
0.0040
EPSS Percentile
60.7%
Details
CWE
CWE-89
Status
published
Products (26)
drupal/brilliant_gallery
5.x-1.0
drupal/brilliant_gallery
5.x-1.1
drupal/brilliant_gallery
5.x-1.2
drupal/brilliant_gallery
5.x-2.1
drupal/brilliant_gallery
5.x-2.2
drupal/brilliant_gallery
5.x-2.3
drupal/brilliant_gallery
5.x-2.4
drupal/brilliant_gallery
5.x-2.5
drupal/brilliant_gallery
5.x-2.6
drupal/brilliant_gallery
5.x-2.7
... and 16 more
Published
Oct 09, 2008
Tracked Since
Feb 18, 2026