Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Masa CMS Incorrect Authorization Vulnerability (CVE-2024-32643)

Description

Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, if the URL to the page is modified to include a /tag/ declaration, the CMS will render the page regardless of group restrictions. This vulnerability is fixed in 7.2.8, 7.3.13, and 7.4.6.

Remediation

References

Related Vulnerabilities

WordPress 5.0.x Multiple Vulnerabilities (5.0 - 5.0.18)

WordPress Ultimate Member Plugin URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-1209)

WordPress Plugin Videos on Admin Dashboard Cross-Site Scripting (1.1.3)

WordPress Plugin LearnPress-WordPress LMS Local File Inclusion (4.2.6.8.2)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-2202)

Severity

High

Classification

CVE-2024-32643 CWE-863 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities