CVE-2010-1547

Name of the Vulnerable Software and Affected Versions Chaos Tool Suite (CTools) module versions prior to 6.x-1.4

Description The issue allows remote attackers to hijack the authentication of administrators for requests. This can be done through requests that enable a page via a "q=admin/build/pages/nojs/enable/" value or disable a page via a "q=admin/build/pages/nojs/disable/" value.

Recommendations For Chaos Tool Suite (CTools) module versions prior to 6.x-1.4, update to version 6.x-1.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the q=admin/build/pages/nojs/enable/ and q=admin/build/pages/nojs/disable/ API endpoints to minimize the risk of exploitation.