Project: 
Date: 
2018-January-17
Vulnerability: 
Multiple Vulnerabilities
Description: 

This module enables you to display a Bible on your website. Users can associate notes with a Bible version.

This module has a vulnerability that would allow an attacker to wipe out, update or read notes from other users with a carefully crafted title.

A user must have the "Access Bible content" privilege, which is most likely the default if you have enabled this module.

The code appeared to allow other SQL injection vulnerabilities as well. Many lines of code were rewritten to make this module more secure. Therefore, even if you did not give users the "Access Bible content" privilege, there may have been other SQL vulnerabilities which could have been exploited.

Solution: 

Install the latest version:

  • If you use the Bible module for Drupal 7.x, upgrade to Bible 7.x-1.7
Reported By: 
Fixed By: 
Coordinated By: