CVE-2026-40329
Masa CMS is affected by a SQL injection in the beanFeed.cfc component (getQuery handling of the sortBy parameter) in versions 7.5.2 and earlier. The vulnerability arises from insufficient sanitization/parameterization of sortBy, allowing an unauthenticated remote attacker to execute arbitrary SQL...