CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:S/C:N/I:P/A:N
EPSS
Percentile
99.7%
This module enables you to easily enable a Flash MP3 Player on a CCK FileField.
The module doesn’t sufficiently filter user-supplied text from mp3 filenames.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create a node with an mp3 filefield with the MP3 player set as the display widget.
Drupal core is not affected. If you do not use the contributed MP3 Player module, there is nothing you need to do.
Disable the module:
Also see the MP3 Player project page.
Not applicable.