Brilliant Gallery Module of Drupal is prone to the following multiple security vulnerabilities:
1. An SQL-injection vulnerability
2. A cross-site request forgery vulnerability
3. A cross-site scripting vulnerability
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database or to perform certain unauthorized actions and gain access to the affected application.
Brilliant Gallery Module of Drupal versions prior to 7.x-1.10 are vulnerable.
Information
Drupal Brilliant Gallery 7.x-1.3
Drupal Brilliant Gallery 7.x-1.2
Drupal Brilliant Gallery 7.x-1.1
Drupal Brilliant Gallery 7.x-1.0
Exploit
An attacker can use a web browser to exploit these issues.
References: