Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.0
CVE Id CVE-2008-4338
Last Modified 29 Jan 2009 01:56:04
Published 30 Sep 2008 01:22:09
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-4338

Summary

SQL injection vulnerability in the brilliant_gallery_checklist_save function in the bgchecklist/save script in Brilliant Gallery 5.x and 6.x, a module for Drupal, allows remote authenticated users with "access brilliant_gallery" permissions to execute arbitrary SQL commands via the (1) nid, (2) qid, (3) state, and possibly (4) user parameters.

Vulnerable Systems

Application

  • Vacilanda Brilliant Gallery

  • Vacilanda Brilliant Gallery 5

  • Vacilanda Brilliant Gallery 6


References

XF - brilliantgallery-bgchecklist-sql-injection(45411)

BID - 31387

BUGTRAQ - 20080924 Drupal Brilliant Gallery module SQL injection vulnerability

SREASON - 4338

SECUNIA - 32015

CONFIRM - http://drupal.org/node/313054


Last Updated: 27 May 2016 10:48:28