File Deletion Vulnerability in Spider Video Player for Drupal
CVE-2015-4351

Currently unrated

Key Information:

Vendor: Web-dorado
Status: Web-dorado Spider Video Player
Vendor: CVE Published:; 15 June 2015

What is CVE-2015-4351?

The Spider Video Player module for Drupal allows remote authenticated users with the specific permission to access its administration features to delete arbitrary files. This can lead to unauthorized file removal that could disrupt website functionality or compromise sensitive information. It's essential for users to evaluate their permission settings and update their Drupal modules to mitigate potential risks associated with this vulnerability.

References

http://www.securityfocus.com/bid/72817

vdb-entryx_refsource_BID

http://www.openwall.com/lists/oss-security/2015/04/25/6

mailing-listx_refsource_MLIST

https://www.drupal.org/node/2437981

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2015
Vulnerability Reserved
Jun 5, 2015

CVE-2015-4351 Data

JSON

Web-dorado

What is CVE-2015-4351?

References

Timeline