7 matches found
CVE-2026-40330 Masa CMS SQL injection via sortDirection parameter in beanFeed
Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, a SQL injection vulnerability exists in the beanFeed.cfc component within the getQuery function's handling of the sortDirection parameter. The...
CVE-2026-40329
Masa CMS is affected by a SQL injection in the beanFeed.cfc component (getQuery handling of the sortBy parameter) in versions 7.5.2 and earlier. The vulnerability arises from insufficient sanitization/parameterization of sortBy, allowing an unauthenticated remote attacker to execute arbitrary SQL...
CVE-2025-67830
Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection...
CVE-2025-67829
Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection...
CVE-2025-67829
Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection...
CVE-2025-67829
Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection...
CVE-2025-67830
Mura CMS vulnerable before 10.1.14 due to beanFeed.cfc getQuery sortby SQL injection. Root cause is improper handling of sortby in the getQuery path, enabling SQL injection with high impact to confidentiality, integrity, and availability (CVSS 9.8). Mitigation: upgrade to version 10.1.14 or apply...