PT-2026-26082 · Mura Cms · Mura Cms
Published: 2026-03-18 · Updated: 2026-03-18
CVE-2025-55044
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
MuraCMS versions through 10.1.10
Description
A Cross-Site Request Forgery (CSRF) issue exists in the Trash Restore functionality of MuraCMS. The cTrash.restore function does not validate CSRF tokens. This allows attackers to restore deleted content to unauthorized locations by forging requests when an authenticated administrator visits a malicious webpage. Exploitation involves restoring content to a location specified by the attacker through the parentid parameter. Successful exploitation can lead to the restoration of malicious content, placement of sensitive documents in public areas, or manipulation of the website structure.
Recommendations
Versions prior to 10.1.10 are affected.
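To check whether the request pattern described above has already reached a site, a defender can review web-server access logs. The following is an added example, not code from this advisory or from MuraCMS: it flags requests that invoke cTrash.restore with a parentid parameter and arrive with a missing or off-site Referer. The log lines are constructed, and the combined log format, the /admin/ path, the muraAction key and the host names are assumptions to adjust per deployment.

```python
import re
from urllib.parse import urlsplit, parse_qs

ACTION = "ctrash.restore"   # function named in the advisory, compared case-insensitively

# Constructed sample lines in "combined" log format (assumed layout and URL shape).
SAMPLE_LOG = '''\
203.0.113.5 - - [18/Mar/2026:10:01:02 +0000] "GET /admin/?muraAction=cTrash.restore&parentid=B2 HTTP/1.1" 200 512 "https://cms.example.test/admin/" "Mozilla/5.0"
203.0.113.5 - - [18/Mar/2026:10:07:40 +0000] "GET /admin/?muraAction=cTrash.restore&parentid=D4 HTTP/1.1" 200 498 "https://other.example.net/promo.html" "Mozilla/5.0"
203.0.113.9 - - [18/Mar/2026:10:09:11 +0000] "POST /admin/?muraAction=cTrash.restore&parentid=F6 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [18/Mar/2026:10:12:30 +0000] "GET /admin/ HTTP/1.1" 200 9001 "https://other.example.net/promo.html" "Mozilla/5.0"
'''

LINE = re.compile(
    r'\S+ \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)

def suspicious_restores(log_text, trusted_hosts):
    """Return (timestamp, parentid, reason) for restore requests whose Referer
    is absent or points outside trusted_hosts (the CMS's own host names)."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format request line
        # Parameter names are lowercased so differently cased keys still match.
        params = {k.lower(): v[0]
                  for k, v in parse_qs(urlsplit(m["target"]).query).items()}
        if "parentid" not in params:
            continue
        if not any(v.lower() == ACTION for v in params.values()):
            continue
        ref_host = urlsplit(m["referer"]).hostname  # None for "-" or empty
        if ref_host in trusted_hosts:
            continue  # request came from the admin interface itself
        # A missing Referer can be benign (privacy settings); treat it as a lead.
        reason = ("missing Referer" if ref_host is None
                  else f"cross-site Referer {ref_host}")
        findings.append((m["ts"], params["parentid"], reason))
    return findings

if __name__ == "__main__":
    for finding in suspicious_restores(SAMPLE_LOG, {"cms.example.test"}):
        print(finding)
```

Access logs normally record only the query string, so parameters sent in a request body are not visible to this check; correlate any hit with the CMS's own record of restored content.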
Fix
CSRF
Affected Products
Mura Cms