Researcher: Mad Irish
Rank #44267 of 53,632 · Total CVSS: 6 · Vulnerabilities: 1
PT-2008-5588 · CVSS 6.0 · 2008-09-30
Vendor: Brilliant · Product: Brilliant Gallery · CVE-2008-4338
Name of the Vulnerable Software and Affected Versions: Brilliant Gallery (Drupal module), versions 5.x through 6.x.

Description: SQL injection. Remote authenticated users who hold the "access brilliant gallery" permission can execute arbitrary SQL commands via the `nid`, `qid`, `state` and possibly `user` parameters of the `brilliant_gallery_checklist_save` function, which passes these request values into database queries without adequate sanitisation. Because the entry point requires only an ordinary authenticated account with that permission, any site that grants it to self-registered users is exposed.

Recommendations: For Brilliant Gallery 5.x through 6.x, restrict the "access brilliant gallery" permission to trusted roles (or disable the module) until a fixed release is available; that permission is the only barrier to reaching `brilliant_gallery_checklist_save`. As a temporary code-level workaround, validate the `nid`, `qid`, `state` and `user` values server-side before they reach any query: `nid` is a Drupal node ID and must be an integer, and the others should be cast or validated to their expected type and bound through the database layer's placeholders rather than interpolated into SQL strings. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
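The pattern behind this class of bug, and the fix the recommendations above describe, as an added illustration that is not Brilliant Gallery's own code: a hypothetical checklist-save routine first with request values interpolated into the query, then with typed validation and bound parameters. The table name `checklist`, the column `uid` and the function names are assumptions; only the parameter names `nid`, `qid` and `state` come from the advisory. The example uses PDO with an in-memory SQLite database so it runs stand-alone; the comments give the equivalent Drupal 5/6 `db_query` placeholder form.

```php
<?php
// Added illustration, not the module's code. Table/column/function names are
// hypothetical; nid, qid and state are the parameter names from the advisory.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE checklist (nid INTEGER, qid INTEGER, state INTEGER, uid INTEGER)');
// Constructed sample rows: two belong to user 7, one to user 9.
$db->exec('INSERT INTO checklist VALUES (1, 10, 0, 7), (2, 20, 0, 7), (3, 30, 0, 9)');

// Vulnerable pattern: request values dropped straight into the SQL string.
// Drupal 5/6 equivalent: db_query("UPDATE {checklist} SET state = $state WHERE nid = $nid AND qid = $qid");
function checklist_save_vulnerable(PDO $db, $nid, $qid, $state) {
    $sql = "UPDATE checklist SET state = $state WHERE nid = $nid AND qid = $qid";
    return $db->exec($sql); // rows affected
}

// Hardened pattern: reject anything that is not an integer, then bind the
// values so the driver never treats them as SQL.
// Drupal 5/6 equivalent: db_query("UPDATE {checklist} SET state = %d WHERE nid = %d AND qid = %d", $state, $nid, $qid);
function checklist_save_safe(PDO $db, $nid, $qid, $state) {
    foreach (['nid' => $nid, 'qid' => $qid, 'state' => $state] as $name => $value) {
        if (filter_var($value, FILTER_VALIDATE_INT) === false) {
            throw new InvalidArgumentException("$name must be an integer");
        }
    }
    $stmt = $db->prepare('UPDATE checklist SET state = :state WHERE nid = :nid AND qid = :qid');
    $stmt->bindValue(':state', (int) $state, PDO::PARAM_INT);
    $stmt->bindValue(':nid',   (int) $nid,   PDO::PARAM_INT);
    $stmt->bindValue(':qid',   (int) $qid,   PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed request from an account holding "access brilliant gallery":
// the nid value carries an injected tautology and comments out the qid check.
$request = ['nid' => '1 OR 1=1 --', 'qid' => '10', 'state' => '1'];

$n = checklist_save_vulnerable($db, $request['nid'], $request['qid'], $request['state']);
echo "vulnerable: $n rows updated\n";   // 3: every row, including user 9's

$db->exec('UPDATE checklist SET state = 0');
try {
    checklist_save_safe($db, $request['nid'], $request['qid'], $request['state']);
} catch (InvalidArgumentException $e) {
    echo "hardened:   rejected (" . $e->getMessage() . ")\n";
}
$n = checklist_save_safe($db, '1', '10', '1');
echo "hardened:   $n rows updated with a well-formed request\n";   // 1
```

The injected `nid` turns the WHERE clause into `nid = 1 OR 1=1`, so the vulnerable version rewrites every row regardless of owner; the same input to the hardened version is refused before any query is built, and a well-formed request touches only its own row. Drupal's `%d` placeholder silently casts to integer instead of rejecting, which also blocks the injection but hides malformed input; explicit validation is preferable when you want such requests logged.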