CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-13288 – Monster Menus - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-052
https://notcve.org/view.php?id=CVE-2024-13288
09 Jan 2025 — Deserialization of Untrusted Data vulnerability in Drupal Monster Menus allows Object Injection.This issue affects Monster Menus: from 0.0.0 before 9.3.4, from 9.4.0 before 9.4.2. • https://www.drupal.org/sa-contrib-2024-052 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13281 – Monster Menus - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2024-045
https://notcve.org/view.php?id=CVE-2024-13281
09 Jan 2025 — Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing.This issue affects Monster Menus: from 0.0.0 before 9.3.2. • https://www.drupal.org/sa-contrib-2024-045 • CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 42EXPL: 0CVE-2013-4230
https://notcve.org/view.php?id=CVE-2013-4230
21 Aug 2013 — The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission to delete arbitrary submissions via unspecified vectors. El submodulo mm_webform en el modulo Monster Menus v6.x-6.x anterior a v6.x-6.61 y v7.x-1.x anterior a v7.x-1.13 para Drupal no restringe adecuadamente el acceso a envíos en f... • http://secunia.com/advisories/54391 • CWE-264: Permissions, Privileges, and Access Controls •