CVE-2014-8734

low

Published 2014-11-12 · Modified 2026-05-06

CVSS v3

—

CVSS v2

3.5

VIR risk

3.5

Description

The Organic Groups Menu (aka OG Menu) module before 7.x-2.2 for Drupal allows remote authenticated users with the "access administration pages" permission to change module settings via unspecified vectors.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.drupal.org/node/2365685

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.drupal.org/node/2365259

Application impact

Vendor	Product	Versions
drupal	organic_groups_menu	`{"endIncluding":"7.x-2.1"}`
drupal	organic_groups_menu	`7.x-2.0`
drupal	organic_groups_menu	`7.x-2.x-dev`

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/98445
https://www.drupal.org/node/2365259
https://www.drupal.org/node/2365685
https://exchange.xforce.ibmcloud.com/vulnerabilities/98445
https://www.drupal.org/node/2365259
https://www.drupal.org/node/2365685

CWEs

CWE-264

Verify integrity in audit chain (admin only). AS-IS.