Description

Mura/Masa CMS has an SQL Injection vulnerability that allows unauthenticated attackers to gain access to sensitive data and compromise the system.

Remediation

Upgrade to the latest version of Mura CMS or Masa CMS

References

Hacking Apple - SQL Injection to Remote Code Execution

Related Vulnerabilities

Envoy Proxy Incomplete Cleanup Vulnerability (CVE-2023-35945)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4408)

Opencart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-2315)

WordPress Plugin WordPress Survey & Poll-Quiz, Survey and Poll SQL Injection (1.1.91)

Internet Information Services Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-7269)

Severity

Critical

Classification

CVE-2024-32640 CWE-89 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

SQL Injection Known Vulnerabilities