Lucene search
HistoryFeb 01, 2023 - 2:15 p.m.
CVE-2022-47002
vulnerability
remember me
masa cms
authentication bypass
cve-2022-47002
nvd
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.2 High
AI Score
Confidence
High
0.042 Low
EPSS
Percentile
92.3%
A vulnerability in the Remember Me function of Masa CMS v7.2, 7.3, and 7.4-beta allows attackers to bypass authentication via a crafted web request.
Affected configurations
Node
masacmsmasacmsRange<7.2.5
ORmasacmsmasacmsRange7.3–7.3.10
ORmasacmsmasacmsMatch7.4.0alpha1
ORmasacmsmasacmsMatch7.4.0alpha2
ORmasacmsmasacmsMatch7.4.0beta1
ORmasacmsmasacmsMatch7.4.0beta2
| CPE | Name | Operator | Version |
|---|---|---|---|
| masacms:masacms | masacms | lt | 7.2.5 |
| masacms:masacms | masacms | lt | 7.3.10 |
| masacms:masacms | masacms | eq | 7.4.0 |
Related
nvd
nvd
CVE-2022-47002
2023-02-01 14:15:08
prion
prion
Authentication flaw
2023-02-01 14:15:00
osv
osv
CVE-2022-47002
2023-02-01 14:15:08
cvelist
cvelist
CVE-2022-47002
2023-02-01 00:00:00
nuclei
nuclei
Masa CMS - Authentication Bypass
2023-03-13 20:49:29
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.2 High
AI Score
Confidence
High
0.042 Low
EPSS
Percentile
92.3%
Related for CVE-2022-47002