Menu Item Extras - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2019-050

Project: Menu Item ExtrasDate: 2019-May-22Security risk: Moderately critical 10∕25 AC:Basic/A:User/CI:None/II:Some/E:Theoretical/TD:DefaultVulnerability: Cross Site Request ForgeryDescription: This module enables you to handle fields for Custom Menu Links.
The module doesn't sufficiently check requests to one of the module controllers if the user has permission 'administer menu'.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create content.Solution: Install the latest version:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article