SA-CONTRIB-2015-041 - Feature Set - Cross Site Request Forgery (CSRF)
Feature Set module enables you to enable or disable sets of features or modules. The module doesn't sufficiently protect some URLs against CSRF. A malicious user can cause an administrator to enable and disable modules by getting the administrator's browser to make a request to a specially-crafte...