Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2024-13288
PUBLISHED
More InfoOfficial Page
Assigner-drupal
Assigner Org ID-2c85b837-eb8b-40ed-9d74-228c62987387
View Known Exploited Vulnerability (KEV) details
Published At-09 Jan, 2025 | 20:14
Updated At-10 Jan, 2025 | 14:51
Rejected At-
▼CVE Numbering Authority (CNA)
Monster Menus - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-052

Deserialization of Untrusted Data vulnerability in Drupal Monster Menus allows Object Injection.This issue affects Monster Menus: from 0.0.0 before 9.3.4, from 9.4.0 before 9.4.2.

Affected Products
Vendor
The Drupal AssociationDrupal
Product
Monster Menus
Collection URL
https://www.drupal.org/project/monster_menus
Repo
https://git.drupalcode.org/project/monster_menus
Default Status
unaffected
Versions
Affected
  • From 0.0.0 before 9.3.4 (semver)
  • From 9.4.0 before 9.4.2 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-502CWE-502 Deserialization of Untrusted Data
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-586CAPEC-586 Object Injection
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Drew Webber
remediation developer
Drew Webber
remediation developer
Dan Wilga
coordinator
Greg Knaddison
coordinator
Juraj Nemec
coordinator
Drew Webber
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.drupal.org/sa-contrib-2024-052
N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found