Description

Mura/Masa CMS has a Remote Code Execution (RCE) vulnerability. This vulnerability allows unauthenticated attackers to execute arbitrary code due to the insecure evaluation of the "method" parameter, thereby compromising the system.

Remediation

Upgrade to the latest version of Mura CMS or Masa CMS

References

Hello Lucee! Let us hack Apple again?

Lucee RCE Vulnerabilities February 2024

Related Vulnerabilities

PHP Other Vulnerability (CVE-2012-3450)

MySQL CVE-2022-21342 Vulnerability (CVE-2022-21342)

MySQL CVE-2013-3812 Vulnerability (CVE-2013-3812)

Mura/Masa CMS SQLi (CVE-2024-32640)

Magento Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2021-21018)

Severity

Critical

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution Known Vulnerabilities