Cross-Site Request Forgery in Spider Video Player for Drupal
CVE-2015-4352

Currently unrated

Key Information:

Vendor: Web-dorado
Status: Web-dorado Spider Video Player
Vendor: CVE Published:; 15 June 2015

What is CVE-2015-4352?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Spider Video Player module for Drupal. This flaw enables remote attackers to exploit authenticated administrators by tricking them into making unintended requests that could lead to the deletion of videos. Attackers may leverage various vectors to initiate these unauthorized requests, potentially compromising content management on affected websites and impacting user data.

References

http://www.securityfocus.com/bid/72817

vdb-entryx_refsource_BID

http://www.openwall.com/lists/oss-security/2015/04/25/6

mailing-listx_refsource_MLIST

https://www.drupal.org/node/2437981

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2015
Vulnerability Reserved
Jun 5, 2015

CVE-2015-4352 Data

JSON

Web-dorado

What is CVE-2015-4352?

References

Timeline