PT-2025-2096 · Drupal · Monster Menus+1

Damien Mckenna

Published

2024-10-09

Updated

2025-01-10

CVE-2024-13281

CVSS v3.1

9.4

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Monster Menus versions 0.0.0 through 9.3.1

Description The issue is related to insufficient authorization mechanisms in the Monster Menus module of the Drupal CMS, allowing a remote attacker to disclose protected information and impact the integrity of protected information. This can lead to forceful browsing, where an attacker can access unauthorized areas of the system.

Recommendations For Monster Menus versions 0.0.0 through 9.3.1, update to version 9.3.2 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the system to minimize the risk of exploitation.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

BDU:2025-01214

CVE-2024-13281

DRUPAL-CONTRIB-2024-045

Affected Products

Drupal Cms

Monster Menus

PT-2025-2096 · Drupal · Monster Menus+1

CVE-2024-13281

Weakness Enumeration

Related Identifiers

Affected Products

References · 6