Description

Mura/Masa CMS has a Remote Code Execution (RCE) vulnerability. This vulnerability allows unauthenticated attackers to execute arbitrary code due to the insecure evaluation of the "method" parameter, thereby compromising the system.

Remediation

Upgrade to the latest version of Mura CMS or Masa CMS

References

Hello Lucee! Let us hack Apple again?

Lucee RCE Vulnerabilities February 2024

Related Vulnerabilities

Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2019-14888)

Seo Panel Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-22643)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5339)

Play Framework Uncontrolled Resource Consumption Vulnerability (CVE-2022-31018)

Ruby on Rails Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2021-22885)

Severity

Critical

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution Known Vulnerabilities