CVE-2015-4351

Name of the Vulnerable Software and Affected Versions Drupal Spider Video Player module (affected versions not specified)

Description The issue allows remote authenticated users with the "access Spider Video Player administration" permission to delete arbitrary files via a crafted URL.

Recommendations For the Spider Video Player module, restrict access to the module's administration to minimize the risk of exploitation. As a temporary workaround, consider disabling the module until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.