Description

Mura/Masa CMS has an SQL Injection vulnerability that allows unauthenticated attackers to gain access to sensitive data and compromise the system.

Remediation

Upgrade to the latest version of Mura CMS or Masa CMS

References

Hacking Apple - SQL Injection to Remote Code Execution

Related Vulnerabilities

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2151)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-26593)

Oracle HTTP Server Other Vulnerability (CVE-2012-2751)

Oracle HTTP Server Other Vulnerability (CVE-2021-41617)

Liferay DXP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-26265)

Severity

Critical

Classification

CVE-2024-32640 CWE-89 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

SQL Injection Known Vulnerabilities