23 matches found

RedhatCVE
added yesterday | 2 views

CVE-2026-40330

Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, a SQL injection vulnerability exists in the beanFeed.cfc component within the getQuery function's handling of the sortDirection parameter. The...

CVSS 9.3 | AI score 6.3 | EPSS 0.00326
Exploits: 0 | References: 1

RedhatCVE
added 5 days ago | 7 views

CVE-2026-49489

OpenCATS through 0.9.7.4 contains a SQL injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers can inject malicious SQL via the sortDirection parameter in ajax/getDataGridPager.php to perform...

CVSS 8.5 | AI score 5.9 | EPSS 0.00029
Exploits: 0 | References: 1

NVD
added 6 days ago | 9 views

CVE-2026-49489

OpenCATS through 0.9.7.4 contains a SQL injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers can inject malicious SQL via the sortDirection parameter in ajax/getDataGridPager.php to perform...

CVSS 8.5 | EPSS 0.00029
Exploits: 0 | References: 4

ATTACKERKB
added 6 days ago | 15 views

CVE-2026-49489

OpenCATS through 0.9.7.4 contains a SQL injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers can inject malicious SQL via the sortDirection parameter in ajax/getDataGridPager.php to perform...

CVSS 8.5 | AI score 5.9 | EPSS 0.00029
Exploits: 0 | References: 3

CNNVD
added 6 days ago | 6 views

OpenCats SQL injection vulnerability

OpenCats is an open-source recruitment process management system developed by OpenCats. Versions of OpenCats prior to 0.9.7.4 had a SQL injection vulnerability. This vulnerability stemmed from the sortDirection parameter in the DataGrid component, which allowed SQL injections. It was possible for...

CVSS 8.5 | AI score 5.9 | EPSS 0.00029
Exploits: 0 | References: 4

Positive Technologies
added 6 days ago | 5 views

PT-2026-45191

OpenCATS through 0.9.7.4 contains a SQL injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers can inject malicious SQL via the sortDirection parameter in ajax/getDataGridPager.php to perform...

CVSS 8.5 | AI score 5.9 | EPSS 0.00029
Exploits: 0 | References: 5

NVD
added 2026/05/05 8:16 p.m. | 5 views

CVE-2026-40330

Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, a SQL injection vulnerability exists in the beanFeed.cfc component within the getQuery function's handling of the sortDirection parameter. The...

CVSS 9.3 | EPSS 0.00326
Exploits: 0 | References: 1

CVE
added 2026/05/05 7:46 p.m. | 7 views

CVE-2026-40330

Summary of CVE-2026-40330: Masa CMS is affected by an SQL injection in the beanFeed.cfc component, specifically in the getQuery function when handling the sortDirection parameter. The parameter is concatenated directly into SQL queries without sanitization or parameterization, enabling an unauth...

CVSS 9.3 | AI score 6.5 | EPSS 0.00326
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/05 7:46 p.m. | 4 views

CVE-2026-40330 Masa CMS SQL injection via sortDirection parameter in beanFeed

Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, a SQL injection vulnerability exists in the beanFeed.cfc component within the getQuery function's handling of the sortDirection parameter. The...

CVSS 9.3 | AI score 6.5 | EPSS 0.00326
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/05 7:46 p.m. | 1 views

CVE-2026-40330

Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, a SQL injection vulnerability exists in the beanFeed.cfc component within the getQuery function's handling of the sortDirection parameter. The...

CVSS 9.3 | AI score 6.5 | EPSS 0.00326
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/05/05 12:0 a.m. | 7 views

PT-2026-37236

Name of the Vulnerable Software and Affected Versions:
Masa CMS versions 7.2.0 through 7.2.9
Masa CMS versions 7.3.0 through 7.3.14
Masa CMS versions 7.4.0 through 7.4.9
Masa CMS versions 7.5.0 through 7.5.2
Description:
A SQL injection issue exists in the beanFeed.cfc component within the getQuery...

CVSS 9.3 | AI score 6.5 | EPSS 0.00326
Exploits: 0 | References: 4

RedhatCVE
added 2026/03/26 3:19 p.m. | 2 views

CVE-2025-67829

Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection...

CVSS 9.8 | AI score 5.8 | EPSS 0.00046
Exploits: 0 | References: 1

NVD
added 2026/03/18 4:16 p.m. | 2 views

CVE-2025-67829

Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection...

CVSS 9.8 | EPSS 0.00046
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/18 12:0 a.m. | 2 views

PT-2026-26085

CVE-2025-67829 Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection. https://t.co/EsT6nGpd9g...

CVSS 9.8 | AI score 5.9 | EPSS 0.00046
Exploits: 0 | References: 3

CNNVD
added 2026/03/18 12:0 a.m. | 3 views

Mura security vulnerability

Mura is a content management system developed by Mura Corporation. Versions of Mura prior to 10.1.14 contained security vulnerabilities, which were caused by SQL injection attacks in the getQuery sortDirection parameter of the beanFeed.cfc file...

CVSS 9.8 | AI score 5.9 | EPSS 0.00046
Exploits: 0 | References: 1

CVE
added 2026/03/18 12:0 a.m. | 5 views

CVE-2025-67829

CVE-2025-67829 affects the Mura CMS prior to version 10.1.14, where the issue resides in the beanFeed.cfc getQuery sortDirection path and enables a SQL injection. The vulnerability is described as allowing malicious input to influence SQL logic, potentially affecting data access via the affected...

CVSS 9.8 | AI score 5.8 | EPSS 0.00046
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2022/11/03 8:15 p.m. | 2 views

CVE-2022-42748

CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks...

CVSS 6.1 | AI score 5.9 | EPSS 0.02714
Exploits: 1 | References: 2

NVD
added 2022/11/03 8:15 p.m. | 9 views

CVE-2022-42748

CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks...

CVSS 6.1 | EPSS 0.02714
Exploits: 1 | References: 2

Prion
added 2022/11/03 8:15 p.m. | 16 views

Cross site scripting

CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks...

CVSS 5.8 | AI score 6 | EPSS 0.02714
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2022/11/03 12:0 a.m. | 65 views

CVE-2022-42748

CandidATS 3.0.0 is affected by a Cross-Site Scripting (XSS) flaw in the sortDirection parameter of ajax.php. The Nuclei template confirms exploitation by injecting arbitrary script in the victim's browser, enabling cookie-based credential theft and related attacks. The root cause is improper inpu...

CVSS 6.1 | AI score 6 | EPSS 0.02714
Exploits: 1 | References: 2 | Affected Software: 1