Description

Mura/Masa CMS has a Remote Code Execution (RCE) vulnerability. This vulnerability allows unauthenticated attackers to execute arbitrary code due to the insecure evaluation of the "method" parameter, thereby compromising the system.

Remediation

Upgrade to the latest version of Mura CMS or Masa CMS

References

Hello Lucee! Let us hack Apple again?

Lucee RCE Vulnerabilities February 2024

Related Vulnerabilities

MySQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-6662)

IBM WebSEAL Incorrect Authorization Vulnerability (CVE-2023-38368)

RCE in Ivanti Connect Secure and Policy Secure (CVE-2024-21887)

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-14641)

Oracle HTTP Server CVE-2020-2545 Vulnerability (CVE-2020-2545)

Severity

Critical

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution Known Vulnerabilities