3 matches found
CVE-2015-4351
The Spider Video Player module for Drupal allows remote authenticated users with the "access Spider Video Player administration" permission to delete arbitrary files via a crafted URL...
CVE-2015-4351
CVE-2015-4351 affects the Drupal Spider Video Player module. Remote authenticated users with the access Spider Video Player administration permission could delete arbitrary files via a crafted URL. The issue stems from insufficient validation of delete requests (and related CSRF protections) in t...
CVE-2015-4351
The Spider Video Player module for Drupal allows remote authenticated users with the "access Spider Video Player administration" permission to delete arbitrary files via a crafted URL...