CVE-2025-55046

Name of the Vulnerable Software and Affected Versions MuraCMS versions through 10.1.10

Description MuraCMS through version 10.1.10 is affected by a Cross-Site Request Forgery (CSRF) issue. An attacker can exploit this to permanently delete all content in the trash system. The cTrash.empty function does not validate CSRF tokens, allowing a malicious website to forge requests. When an authenticated administrator visits a crafted webpage, the browser automatically submits a form that empties the trash system without confirmation. This can lead to catastrophic data loss within the MuraCMS system.

Recommendations Versions prior to 10.1.10 should be updated.