Guustnieuwenhuis

**Name of the Vulnerable Software and Affected Versions** Masa CMS versions prior to 7.2.10 Masa CMS versions prior to 7.3.15 Masa CMS versions prior to 7.4.10 Masa CMS versions prior to 7.5.3 **Description** The `createBundle()` function in `csettings.cfc` fails to properly validate anti-CSRF (Cross-Site Request Forgery) tokens during site bundle creation requests. This allows an attacker to trick a logged-in administrator into triggering the silent creation of a site bundle via a malicious webpage or link. The resulting bundle is stored in a predictable, publicly accessible web directory, enabling an unauthenticated attacker to retrieve sensitive information, including site content, user account data, password hashes, form submissions, email lists, plugins, and configuration data. **Recommendations** Update to version 7.2.10. Update to version 7.3.15. Update to version 7.4.10. Update to version 7.5.3. Remove unexpected bundle files from public directories. Restrict access to the affected endpoint. Limit exposure of administrative sessions.

**Name of the Vulnerable Software and Affected Versions** Masa CMS versions prior to 7.2.10 Masa CMS versions prior to 7.3.15 Masa CMS versions prior to 7.4.10 Masa CMS versions prior to 7.5.3 **Description** A SQL injection exists in the `beanFeed.cfc` component within the `getQuery()` function's processing of the `sortBy` parameter. The application fails to properly sanitize or parameterize this input before incorporating it into dynamic SQL statements. An unauthenticated remote attacker can execute arbitrary SQL commands against the database, potentially gaining access to sensitive data, modifying or deleting records, or escalating privileges to administrative control. **Recommendations** Update to version 7.2.10. Update to version 7.3.15. Update to version 7.4.10. Update to version 7.5.3. Configure WAF rules to block malicious SQL patterns in the `sortBy` parameter sent to `beanFeed.cfc`.

**Name of the Vulnerable Software and Affected Versions** Masa CMS versions 7.2.0 through 7.2.9 Masa CMS versions 7.3.0 through 7.3.14 Masa CMS versions 7.4.0 through 7.4.9 Masa CMS versions 7.5.0 through 7.5.2 **Description** A SQL injection issue exists in the `beanFeed.cfc` component within the `getQuery()` function. The `sortDirection` parameter is concatenated directly into SQL queries without sanitization or parameterization, allowing an unauthenticated remote attacker to extract sensitive information, modify or delete database records, or potentially achieve remote code execution on the database server. **Recommendations** Update versions 7.2.0 through 7.2.9 to 7.2.10. Update versions 7.3.0 through 7.3.14 to 7.3.15. Update versions 7.4.0 through 7.4.9 to 7.4.10. Update versions 7.5.0 through 7.5.2 to 7.5.3. Restrict access to the `beanFeed.cfc` component. Avoid using the `sortDirection` parameter in the affected component until the issue is resolved.