Description
The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern.
References (2)
Core 2
Core References
Patch x_refsource_misc
https://www.drupal.org/node/2608414
Patch, Vendor Advisory x_refsource_confirm
https://www.drupal.org/node/2608382
Scores
EPSS
0.0120
EPSS Percentile
64.4%
Details
CWE
CWE-200
Status
published
Products (25)
monster_menus_project/monster_menus
7.x-1.0
monster_menus_project/monster_menus
7.x-1.1
monster_menus_project/monster_menus
7.x-1.2
monster_menus_project/monster_menus
7.x-1.3
monster_menus_project/monster_menus
7.x-1.4
monster_menus_project/monster_menus
7.x-1.5
monster_menus_project/monster_menus
7.x-1.6
monster_menus_project/monster_menus
7.x-1.7
monster_menus_project/monster_menus
7.x-1.8
monster_menus_project/monster_menus
7.x-1.9
... and 15 more
Published
Nov 09, 2015
Tracked Since
Feb 18, 2026