Cross-site request forgery in Migrate Tools module for Drupal
Severity Rating: MEDIUM
Software Affected
• Drupal Migrate Tools version prior to 6.0.3.
Overview
This vulnerability has been reported in Drupal Migrate Tools module which could be exploited by the attacker to conduct Cross
site request forgery attacks to take control of the targeted system.
Description
This vulnerability exists in Drupal Migrate Tools due to insufficient protection against Cross Site Request Forgery attacks. An
attacker could exploit this vulnerability by tricking an authenticated administrator to initiate migration.
Successful exploitation of this vulnerability could allow the attacker to compromise the target system.
Solution
Apply appropriate patches as mentioned in Drupal security advisories:
https://www.drupal.org/sa-contrib-2024-008
Vendor Information
Drupal
https://www.drupal.org/sa-contrib-2024-008
References
Drupal
https://www.drupal.org/sa-contrib-2024-008
NOTE : The information is provide is on “as is “ basis, without assurance of any kind.