2 matches found
CVE-2013-4504
The CVE-2013-4504 affects the Monster Menus module for Drupal 7.x-1.x (versions before 7.x-1.15). The issue allows remote attackers to read arbitrary node comments by crafting a URL, bypassing per-node comment visibility permissions. Impact is unauthenticated information disclosure of comments fo...
SA-CONTRIB-2013-086 - Monster Menus - Access bypass
Monster Menus includes the ability to protect the visibility of comments for each node based on hierarchical permissions. However, a carefully-crafted URL could be used to bypass these permissions, allowing an anonymous user to view the comments associated with certain nodes. In order for this fl...