The Better Mega Menu - Critical - Cross Site Request Forgery - SA-CONTRIB-2021-040

Project: The Better Mega MenuDate: 2021-September-22Security risk: Critical 15∕25 AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Cross Site Request ForgeryDescription: This module provides an admin interface for creating drop down menus that combine Drupal menu items with rich media content.
The module does not use CSRF tokens to protect routes for saving menu configurations.
This vulnerability can be exploited by an anonymous user.Solution: Install the latest version:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article