Lucene search
18 matches found

NVD
added 2025/12/03 5:15 p.m., 2 views

CVE-2024-32641

Masa CMS is an open source Enterprise Content Management platform. Masa CMS versions prior to 7.2.8, 7.3.13, and 7.4.6 are vulnerable to remote code execution. The vulnerability exists in the addParam function, which accepts user input via the criteria parameter. This input is subsequently...

CVSS 9.8, EPSS 0.01844
Exploits: 1, References: 2

CVE
added 2025/12/03 4:43 p.m., 8 views

CVE-2024-32643

Masa CMS exposes an authentication-bypass vulnerability where adding a /tag/ declaration to a page URL causes the CMS to render content regardless of group restrictions. Affected versions are prior to 7.2.8, 7.3.13, and 7.4.6. The issue is fixed in 7.2.8, 7.3.13, and 7.4.6. The CVSS data from the...

CVSS 7.5, AI score 6.4, EPSS 0.00063
Exploits: 1, References: 2, Affected Software: 1

EUVD
added 2025/12/03 4:43 p.m., 2 views

EUVD-2024-30445

Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, if the URL to the page is modified to include a /tag/ declaration, the CMS will render the page regardless of group restrictions. This vulnerability is fixed in 7.2.8, 7.3.13, and 7.4.6...

CVSS 7.5, AI score 6.3, EPSS 0.00063
Exploits: 1, References: 2

Vulnrichment
added 2025/12/03 4:43 p.m., 2 views

CVE-2024-32643 Masa CMS vulnerable to authentication bypass with /tag/

Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, if the URL to the page is modified to include a /tag/ declaration, the CMS will render the page regardless of group restrictions. This vulnerability is fixed in 7.2.8, 7.3.13, and 7.4.6...

CVSS 7.5, AI score 6.4, EPSS 0.00063
Exploits: 1, References: 2

Vulnrichment
added 2025/12/03 4:37 p.m., 2 views

CVE-2024-32642 Host header poisoning allows account takeover via password reset email

Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, Masa CMS is vulnerable to host header poisoning, which allows account takeover via password reset email. This vulnerability is fixed in 7.2.8, 7.3.13, and 7.4.6...

CVSS 8.8, AI score 6.7, EPSS 0.00028
Exploits: 1, References: 2

CVE
added 2025/12/03 4:26 p.m., 13 views

CVE-2024-32641

Masa CMS (open source Enterprise Content Management) has a remote code execution vulnerability in addParam that processes the criteria input and is evaluated by setDynamicContent, enabling unauthenticated code execution via the m tag. Affected versions are before 7.2.8, 7.3.13, and 7.4.6. Patches...

CVSS 9.8, AI score 8.3, EPSS 0.01844
Exploits: 1, References: 2, Affected Software: 1

OSV
added 2025/12/03 4:26 p.m., 3 views

CVE-2024-32641 Masa CMS Vulnerable to Pre-Auth RCE via JSON API

Masa CMS is an open source Enterprise Content Management platform. Masa CMS versions prior to 7.2.8, 7.3.13, and 7.4.6 are vulnerable to remote code execution. The vulnerability exists in the addParam function, which accepts user input via the criteria parameter. This input is subsequently...

CVSS 9.8, AI score 8.6, EPSS 0.01844
Exploits: 1, References: 4

Positive Technologies
added 2025/12/03 12:00 a.m., 2 views

PT-2025-48944

Name of the Vulnerable Software and Affected Versions: Masa CMS versions prior to 7.2.8; Masa CMS versions prior to 7.3.13; Masa CMS versions prior to 7.4.6. Description: Masa CMS is an open source Enterprise Content Management platform. The application is susceptible to remote code execution. The iss...

CVSS 9.8, AI score 8.3, EPSS 0.01844
Exploits: 1, References: 11

Positive Technologies
added 2025/12/03 12:00 a.m., 4 views

PT-2025-48952

Name of the Vulnerable Software and Affected Versions: Masa CMS versions prior to 7.2.8; Masa CMS versions prior to 7.3.13; Masa CMS versions prior to 7.4.6. Description: Masa CMS is an open source Enterprise Content Management platform. If the URL to a page is modified to include a /tag/ declaration,...

CVSS 7.5, AI score 6.5, EPSS 0.00063
Exploits: 1, References: 8

RedhatCVE
added 2025/08/13 9:21 p.m., 5 views

CVE-2024-32640

MASA CMS is an Enterprise Content Management platform based on open source technology. Versions prior to 7.4.5, 7.3.12, and 7.2.7 contain a SQL injection vulnerability in the processAsyncObject method that can result in remote code execution. Versions 7.4.5, 7.3.12, and 7.2.7 contain a fix for th...

CVSS 9.8, AI score 8.6, EPSS 0.93717
Exploits: 3, References: 1

Positive Technologies
added 2024/05/13 12:00 a.m., 3 views

PT-2024-4567

Name of the Vulnerable Software and Affected Versions: MASA CMS versions prior to 7.4.6; MASA CMS versions prior to 7.3.13; MASA CMS versions prior to 7.2.8. Description: MASA CMS, an Enterprise Content Management platform, contains a SQL injection vulnerability in the processAsyncObject method...

CVSS 9.8, AI score 8.4, EPSS 0.93717
Exploits: 3, References: 29

Tenable Nessus
added 2024/02/06 12:00 a.m., 48 views

Amazon Linux AMI : php73 (ALAS-2024-1918)

The version of php73 installed on the remote host is prior to 7.3.13-1.22. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2024-1918 advisory. 2024-02-14: CVE-2019-11045 was added to this advisory. 2024-02-14: CVE-2019-11049 was added to this advisory. 2024-02-14:...

CVSS 9.8, AI score 7.5, EPSS 0.41483
Exploits: 6, References: 16

SUSE CVE
added 2023/02/15 4:13 a.m., 2 views

SUSE CVE-2019-11050

When the PHP EXIF extension is parsing EXIF information from an image, e.g. via the exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information disclosure o...

CVSS 6.5, AI score 9.2, EPSS 0.03196
Exploits: 1, References: 10

HackerOne
added 2020/02/26 5:07 a.m., 92 views

Internet Bug Bounty: DirectoryIterator class silently truncates after a null byte

The bug submitted at: https://bugs.php.net/bug.php?id=78863 The security advisory at: https://nvd.nist.gov/vuln/detail/CVE-2019-11045 There's an issue with SPL PHP extension on spl_filesystem_object_construct function. When creating a new DirectoryIterator object spl_filesystem_object_construct functio...

CVSS 4.3, AI score 7.3, EPSS 0.41483
Exploits: 1

Tenable Nessus
added 2020/01/06 12:00 a.m., 249 views

Fedora 30 : php (2019-437d94e271)

PHP version 7.3.13 (18 Dec 2019). Bcmath: Fixed bug php#78878, Buffer underflow in bc_shift_addsub (CVE-2019-11046, cmb). Core: Fixed bug php#78862, link() silently truncates after a null byte on Windows (CVE-2019-11044, cmb); fixed bug php#78863, DirectoryIterator class silently truncates after a null byte...

CVSS 9.8, AI score 6.9, EPSS 0.41483
Exploits: 5, References: 7

OSV
added 2019/12/23 3:15 a.m., 1 view

CVE-2019-11050

When the PHP EXIF extension is parsing EXIF information from an image, e.g. via the exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information disclosure o...

CVSS 6.5, AI score 6.7
Exploits: 0, References: 13

Prion
added 2019/12/23 3:15 a.m., 32 views

Double free

In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations...

CVSS 7.5, AI score 9.3, EPSS 0.028
Exploits: 0, References: 7, Affected Software: 4

OpenVAS
added 2019/12/19 12:00 a.m., 128 views

PHP Multiple Vulnerabilities (Dec 2019) - Windows

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:php:php"; if description...

CVSS 9.8, AI score 8.3, EPSS 0.41483
Exploits: 5, References: 2