CVE-2024-13288

CVE-2024-13288: Monster Menus - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-052

Vendor Drupal
Product Monster Menus
Weakness CWE-502 · Unsafe deserialization
Published January 9, 2025
Last update January 10, 2025
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

Deserialization of Untrusted Data vulnerability in Drupal Monster Menus allows Object Injection.This issue affects Monster Menus: from 0.0.0 before 9.3.4, from 9.4.0 before 9.4.2.

Key dates

02Disclosure timeline

January 9, 2025 CVE published
January 10, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-58756 MONAI's unsafe torch usage may lead to arbitrary code execution CVE-2023-21779 Visual Studio Code Remote Code Execution Vulnerability CVE-2024-24842 WordPress Knowledge Base for Documentation, FAQs with AI Assistance plugin <= 11.30.2 - PHP Object Injection vulnerability CVE-2025-6810 Mescius ActiveReports.NET ReadValue Deserialization of Untrusted Data Remote Code Execution Vulnerability CVE-2021-39152 A Server-Side Forgery Request vulnerability in XStream via HashMap unmarshaling