Web Dorado Spider Video Player
CVE-2015-4351
MEDIUM
Severity by source
AV:N/AC:M/Au:S/C:N/I:P/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:M/Au:S/C:N/I:P/A:P
Lifecycle Timeline
1DescriptionCVE.org
The Spider Video Player module for Drupal allows remote authenticated users with the "access Spider Video Player administration" permission to delete arbitrary files via a crafted URL.
AnalysisAI
The Spider Video Player module for Drupal allows remote authenticated users with the "access Spider Video Player administration" permission to delete arbitrary files via a crafted URL. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-264. The Spider Video Player module for Drupal allows remote authenticated users with the "access Spider Video Player administration" permission to delete arbitrary files via a crafted URL. Affected products include: Web-Dorado Web-Dorado Spider Video Player.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Cross-site request forgery (CSRF) vulnerability in the Spider Video Player module for Drupal allows remote attackers to
Cross-site scripting (XSS) vulnerability in the Web Dorado Spider Video Player (aka WordPress Video Player) plugin befor
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today