PT-2024-4567 · Unknown · Mura/Masa Cms
Published 2024-05-13 · Updated 2025-12-03
CVE-2024-32640
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
MASA CMS versions prior to 7.4.6
MASA CMS versions prior to 7.3.13
MASA CMS versions prior to 7.2.8
Description:
MASA CMS, an Enterprise Content Management platform, contains a SQL injection vulnerability in the processAsyncObject method. Exploitation of this vulnerability can lead to remote code execution. The vulnerability is present in versions prior to 7.4.6, 7.3.13, and 7.2.8. The API endpoint /index.cfm/api/json/v1/default/?method=processAsyncObject is vulnerable, specifically with the object, contenthistid, and previewid parameters.
Recommendations:
MASA CMS versions prior to 7.4.6: Update to version 7.4.6 or later.
MASA CMS versions prior to 7.3.13: Update to version 7.3.13 or later.
MASA CMS versions prior to 7.2.8: Update to version 7.2.8 or later.
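A triage helper for the version ranges and endpoint described above, added here as an example and not taken from the advisory or the MASA CMS project. It assumes an access log in common log format and that legitimate parameter values are plain identifiers (the PLAIN_ID pattern); the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Fixed releases named in the advisory, keyed by (major, minor) branch.
FIXED = {(7, 4): (7, 4, 6), (7, 3): (7, 3, 13), (7, 2): (7, 2, 8)}
WATCHED = ("object", "contenthistid", "previewid")  # parameters named in the advisory
# Assumption: legitimate values are plain identifiers; tune this for your site.
PLAIN_ID = re.compile(r"[A-Za-z0-9._-]*")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

def is_affected(version):
    """True if `version` is older than the fixed release for its branch."""
    parts = tuple(int(p) for p in version.split("."))
    fixed = FIXED.get(parts[:2])
    if fixed is None:
        # Branch not named in the advisory: read "prior to 7.2.8" literally.
        return parts < min(FIXED.values())
    return parts < fixed

def suspicious_requests(log_lines):
    """Return (line_no, parameter, decoded_value) for processAsyncObject calls
    whose watched parameters hold characters outside PLAIN_ID. Only query
    strings are inspected; POST bodies do not appear in access logs."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        raw = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
        query = {key.lower(): values for key, values in raw.items()}
        methods = [m.lower() for m in query.get("method", [])]
        if "processasyncobject" not in methods:
            continue
        for name in WATCHED:
            for value in query.get(name, []):
                if not PLAIN_ID.fullmatch(value):
                    hits.append((line_no, name, value))
    return hits

SAMPLE_LOG = [  # constructed lines, not real traffic
    '203.0.113.5 - - [13/May/2024:10:00:00 +0000] "GET /index.cfm/api/json/v1/default/?method=processAsyncObject&object=example&contenthistid=A1B2-C3&previewid=1 HTTP/1.1" 200 512',
    '203.0.113.9 - - [13/May/2024:10:00:05 +0000] "GET /index.cfm/api/json/v1/default/?method=processAsyncObject&object=example&contenthistid=x%27&previewid=1 HTTP/1.1" 500 87',
    '203.0.113.9 - - [13/May/2024:10:00:07 +0000] "GET /index.cfm/about/ HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for version in ("7.4.5", "7.4.6", "7.3.12", "7.2.8"):
        print(version, "affected" if is_affected(version) else "fixed")
    for hit in suspicious_requests(SAMPLE_LOG):
        print("review:", hit)
```

A hit means the request deserves review, not that exploitation succeeded; pair it with the installed version check before prioritizing.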
Exploit
Fix
RCE
SQL injection
Affected Products
Mura/Masa Cms