3 matches found
Mura CMS < 6.2 - Server-Side Request Forgery / XML External Entity Injection Vulnerabilities
Exploit for unknown platform in category web applications Exploit Title: Mura CMS before 6.2 SSRF + XXE Date: 30-10-2017 Exploit Author: Anthony Cole Vendor Homepage: http://www.getmura.com/ Version: before 6.2 Contact: http://twitter.com/acole76 Website: http://twitter.com/acole76 Tested on:...
Mura CMS < 6.2 - Server-Side Request Forgery / XML External Entity Injection
Exploit Title: Mura CMS before 6.2 SSRF + XXE Date: 30-10-2017 Exploit Author: Anthony Cole Vendor Homepage: http://www.getmura.com/ Version: before 6.2 Contact: http://twitter.com/acole76 Website: http://twitter.com/acole76 Tested on: Windows 2008 w/ Coldfusion 8 CVE: CVE-2017-15639 Category:...
CVE-2017-15639
CVE-2017-15639 affects Mura CMS before 6.2. The readRSS.cfm file can be abused to bypass access restrictions via the draggable feeds feature. Exploitation details are documented (e.g., SSRF/XXE vectors) and public exploit references exist. The remedy is to upgrade to Mura CMS 6.2 or later or appl...