Description

Mura/Masa CMS has a Remote Code Execution (RCE) vulnerability. This vulnerability allows unauthenticated attackers to execute arbitrary code due to the insecure evaluation of the "method" parameter, thereby compromising the system.

Remediation

Upgrade to the latest version of Mura CMS or Masa CMS

References

Hello Lucee! Let us hack Apple again?

Lucee RCE Vulnerabilities February 2024

Related Vulnerabilities

MySQL CVE-2015-4791 Vulnerability (CVE-2015-4791)

Vanilla Forums Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2018-15833)

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8976)

Internet Information Services Other Vulnerability (CVE-2007-2897)

Oracle Application Server Other Vulnerability (CVE-2002-2153)

Severity

Critical

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution Known Vulnerabilities