Description

Mura/Masa CMS has a Remote Code Execution (RCE) vulnerability. This vulnerability allows unauthenticated attackers to execute arbitrary code due to the insecure evaluation of the "method" parameter, thereby compromising the system.

Remediation

Upgrade to the latest version of Mura CMS or Masa CMS

References

Hello Lucee! Let us hack Apple again?

Lucee RCE Vulnerabilities February 2024

Related Vulnerabilities

Oracle JRE CVE-2020-14792 Vulnerability (CVE-2020-14792)

PHP Improper Access Control Vulnerability (CVE-2015-8838)

phpMyFAQ Sensitive Cookie in HTTPS Session Without 'Secure' Attribute Vulnerability (CVE-2023-5866)

SharePoint CVE-2020-16950 Vulnerability (CVE-2020-16950)

phpMyAdmin Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2011-2643)

Severity

Critical

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution Known Vulnerabilities