Security updates for several Drupal extensions
Several extensions to Drupal, the content management system have security issues according the Drupal developers. The extension modules are not part of the core Drupal system but have been available on the Drupal web site.
The "Brilliant Gallery" module is vulnerable to an SQL injection attack which can allow access to the administrator account. There is no patch available for the package and Drupal's developers recommend that users disable the extension; they have already removed the extension from their own website.
A critical vulnerability was found in the "Plugin Manager" module, which allowed, in insecure configurations, any user to uninstall and remove modules from a Drupal system. Again, an update is available, 6.x-1.2, that fixes these issues.