Vulnerability Details CVE-2015-4351
The Spider Video Player module for Drupal allows remote authenticated users with the "access Spider Video Player administration" permission to delete arbitrary files via a crafted URL.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.2%
CVSS Severity
CVSS v2 Score 4.9
References
Products affected by CVE-2015-4351
-
cpe:2.3:a:web-dorado:web-dorado_spider_video_player:6.x-1.0
-
cpe:2.3:a:web-dorado:web-dorado_spider_video_player:6.x-1.1
-
cpe:2.3:a:web-dorado:web-dorado_spider_video_player:6.x-1.2
-
cpe:2.3:a:web-dorado:web-dorado_spider_video_player:6.x-1.3
-
cpe:2.3:a:web-dorado:web-dorado_spider_video_player:7.x-1.0
-
cpe:2.3:a:web-dorado:web-dorado_spider_video_player:7.x-1.1
-
cpe:2.3:a:web-dorado:web-dorado_spider_video_player:7.x-1.2
-
cpe:2.3:a:web-dorado:web-dorado_spider_video_player:7.x-1.3