EUVD-2026-27480

🗓️ 05 May 2026 19:46:03Reported by EUVDType

SQL injection in beanFeed.cfc getQuery sortDirection allows unauthenticated data access; fixed in versions.

Reporter	Title	Published	Views	Family All 8
ATTACKERKB	CVE-2026-40330	5 May 202619:46	–	attackerkb
Circl	CVE-2026-40330	5 May 202621:04	–	circl
CNNVD	Masa CMS SQL注入漏洞	5 May 202600:00	–	cnnvd
CVE	CVE-2026-40330	5 May 202619:46	–	cve
Cvelist	CVE-2026-40330 Masa CMS SQL injection via sortDirection parameter in beanFeed	5 May 202619:46	–	cvelist
NVD	CVE-2026-40330	5 May 202620:16	–	nvd
Positive Technologies	PT-2026-37236	5 May 202600:00	–	ptsecurity
Vulnrichment	CVE-2026-40330 Masa CMS SQL injection via sortDirection parameter in beanFeed	5 May 202619:46	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "14a0e30f-ba58-382b-b023-e700667deb76",
        "vendor": {
          "name": "MasaCMS"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "1b416c81-6bf2-319b-9a0e-de1156490360",
        "product": {
          "name": "MasaCMS"
        },
        "product_version": "7.3.0, ≤ 7.3.14"
      },
      {
        "id": "33d92100-02bf-3838-8119-7fe0f8c1a2f6",
        "product": {
          "name": "MasaCMS"
        },
        "product_version": "7.4.0, ≤ 7.4.9"
      },
      {
        "id": "50cdd3fe-ba23-3171-a670-cbb29a5ba87c",
        "product": {
          "name": "MasaCMS"
        },
        "product_version": "7.5.0, ≤ 7.5.2"
      },
      {
        "id": "f0b96742-ea67-3587-890b-c8f7d487e969",
        "product": {
          "name": "MasaCMS"
        },
        "product_version": "≤ 7.2.9"
      }
    ]
  }
]

Source	Link
github	www.github.com/MasaCMS/MasaCMS/security/advisories/GHSA-56cc-gxfr-hqp8

05 May 2026 19:46Current

6.5Medium risk

Vulners AI Score6.5

CVSS 49.3

EPSS0.00326