PT-2025-48945 · Masacms · Masacms
Published 2025-12-03 · Updated 2025-12-08
CVE-2024-32642
| CVSS v3.1 | 8.8 (High) |
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Masa CMS versions prior to 7.2.8
Masa CMS versions prior to 7.3.13
Masa CMS versions prior to 7.4.6
Description
Masa CMS is susceptible to host header poisoning that can lead to account takeover through the password reset email functionality. The application does not properly validate the Host header, so an attacker can manipulate the password reset link placed in the email and redirect the user to a malicious domain under the attacker's control, potentially gaining control of the user's account.
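The bug class described above, and its fix, in an added example. This is illustrative code written for this advisory, not Masa CMS code; the function names, the hostnames, the `ALLOWED_HOSTS` and `CANONICAL_BASE_URL` settings and the token value are all constructed. `build_reset_link_untrusted` shows the weak pattern (the e-mail link is assembled from the client-supplied Host header); `build_reset_link_hardened` shows the two defensive controls a deployment should have: refuse requests whose Host is not a configured hostname, and build outbound links from a fixed canonical base URL rather than from any request header.

```python
from urllib.parse import urlencode

# Deployment configuration (constructed example values): the hostnames this
# instance is actually served under, and the base URL used in outbound e-mail.
ALLOWED_HOSTS = {"cms.example.org", "www.example.org"}
CANONICAL_BASE_URL = "https://cms.example.org"


class HostNotAllowed(ValueError):
    """The request's Host header names a hostname this deployment does not serve."""


def build_reset_link_untrusted(headers: dict, token: str) -> str:
    """Weak pattern: the link placed in the password-reset e-mail is assembled
    from the client-supplied Host header, so a request carrying a forged Host
    yields a link that delivers the reset token to that host."""
    host = headers.get("Host", "")
    return f"https://{host}/reset-password?{urlencode({'token': token})}"


def normalize_host(raw: str) -> str:
    """Lower-case, strip a trailing dot and an optional :port so the allowlist
    comparison is not bypassed by case or port variants of a known hostname."""
    host = raw.strip().lower().rstrip(".")
    if host.startswith("["):          # IPv6 literal such as [::1]:8443
        end = host.find("]")
        return host[:end + 1] if end != -1 else ""
    return host.rsplit(":", 1)[0] if ":" in host else host


def build_reset_link_hardened(headers: dict, token: str) -> str:
    """Hardened pattern, two independent controls:
    1. the Host header is validated against a configured allowlist, and a
       request for an unknown host is refused instead of served;
    2. the link is built from CANONICAL_BASE_URL, never from request headers,
       so even an allowed alias cannot change where the token is sent.
    X-Forwarded-Host is deliberately ignored: it is client-controlled unless a
    trusted proxy strips and re-sets it."""
    host = normalize_host(headers.get("Host", ""))
    if host not in ALLOWED_HOSTS:
        raise HostNotAllowed(f"refusing password reset for unexpected host {host!r}")
    return f"{CANONICAL_BASE_URL}/reset-password?{urlencode({'token': token})}"


def demo() -> dict:
    """Runs both builders against a constructed forged-Host request and returns
    the outcomes, so the difference is visible without reading the e-mail."""
    forged = {"Host": "reset.attacker.example", "X-Forwarded-Host": "cms.example.org"}
    token = "tok-EXAMPLE-0001"  # constructed placeholder, not a real token
    results = {"untrusted": build_reset_link_untrusted(forged, token)}
    try:
        results["hardened"] = build_reset_link_hardened(forged, token)
    except HostNotAllowed as exc:
        results["hardened"] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:>9}: {outcome}")
```

The rejection path is also the detection point: a password-reset request whose Host header fails the allowlist is a useful log event, since legitimate users never arrive under a hostname the site does not serve.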
Recommendations
Update Masa CMS to version 7.2.8 or later.
Update Masa CMS to version 7.3.13 or later.
Update Masa CMS to version 7.4.6 or later.
Exploit
Fix
Origin Validation Error
Related Identifiers
Affected Products
Masacms