Spider Video Player Module Arbitrary File Deletion and Cross Site Request Forgery Vulnerabilities

The Spider Video Player module for Drupal is prone to multiple cross-site request-forgery vulnerabilities and an arbitrary-file-deletion vulnerability.

Attackers may exploit these issues to perform unauthorized actions by enticing a logged-in user to visit a malicious site, and to delete arbitrary files in the context of the application; this may aid in launching further attacks.

Spider Video Player 6.x and 7.x are vulnerable; other versions may also be affected.


Copyright 2010, SecurityFocus