107 matches found
PT-2026-38227
Name of the Vulnerable Software and Affected Versions Masa CMS versions prior to 7.2.10 Masa CMS versions prior to 7.3.15 Masa CMS versions prior to 7.4.10 Masa CMS versions prior to 7.5.3 Description The cTrash.empty function fails to validate anti-CSRF Cross-Site Request Forgery tokens for tras...
CVE-2026-40331
Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, the unauthenticated JSON API accepts an altTable parameter that is stored via the setAltTable method without validation or sanitization. This...
CVE-2026-40331
Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, the unauthenticated JSON API accepts an altTable parameter that is stored via the setAltTable method without validation or sanitization. This...
CVE-2025-67830
Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection...
CVE-2025-67829
Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection...
CVE-2025-55040
The import form CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to upload and install malicious form definitions through a CSRF attack. The vulnerable cForm.importform function lacks CSRF token validation, enabling malicious websites to forge file upload requests that install...
CVE-2025-55044
The Trash Restore CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to restore deleted content from the trash to unauthorized locations through CSRF. The vulnerable cTrash.restore function lacks CSRF token validation, enabling malicious websites to forge requests that restore content...
CVE-2025-55045
The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user address information through CSRF. The vulnerable cUsers.updateAddress function lacks CSRF token validation, enabling malicious websites to forge requests that add, modify, or delete user addresses...
EUVD-2025-208838
Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection...
EUVD-2025-208836
Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection...
EUVD-2025-208833
The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user address information through CSRF. The vulnerable cUsers.updateAddress function lacks CSRF token validation, enabling malicious websites to forge requests that add, modify, or delete user addresses...
EUVD-2025-208827
The import form CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to upload and install malicious form definitions through a CSRF attack. The vulnerable cForm.importform function lacks CSRF token validation, enabling malicious websites to forge file upload requests that install...
EUVD-2025-208829
MuraCMS through 10.1.10 contains a CSRF vulnerability in the Add To Group functionality for user management cUsers.cfc addToGroup method that allows attackers to escalate privileges by adding any user to any group without proper authorization checks. The vulnerable function lacks CSRF token...
CVE-2025-67830
Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection...
CVE-2025-67829
Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection...
CVE-2025-55045
The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user address information through CSRF. The vulnerable cUsers.updateAddress function lacks CSRF token validation, enabling malicious websites to forge requests that add, modify, or delete user addresses...
CVE-2025-55046
MuraCMS through 10.1.10 contains a CSRF vulnerability that allows attackers to permanently destroy all deleted content stored in the trash system through a simple CSRF attack. The vulnerable cTrash.empty function lacks CSRF token validation, enabling malicious websites to forge requests that...
Mura 安全漏洞
Mura is a content management system developed by Mura Corporation. Versions of Mura 10.1.10 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the lack of CSRF token verification when clearing the trash bin, which could lead to permanent data loss...
Mura 安全漏洞
Mura is a content management system developed by Mura Corporation. Versions of Mura 10.1.10 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the lack of CSRF token verification in the “bin cleanup” function, which could allow unauthorized content to be restored...
CVE-2025-67829
Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection...