CVE-2024-32641

Critical CVSS: 9.8

Masa CMS is an open source Enterprise Content Management platform. Masa CMS versions prior to 7.2.8, 7.3.13, and 7.4.6 are vulnerable to remote code execution. The vulnerability exists in the addParam function, which accepts user input via the criteria parameter. This input is subsequently evaluated by setDynamicContent, allowing an unauthenticated attacker to execute arbitrary code via the m tag. The vulnerability is patched in versions 7.2.8, 7.3.13, and 7.4.6.

Vendor

Masacms

Product

Masacms

CWE

CWE-94

Yayın Tarihi

2025-12-03 17:15:48

Güncelleme

2025-12-05 14:47:50

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-94 Masacms CRITICAL Masacms 2025

Referanslar

https://github.com/MasaCMS/MasaCMS/commit/fb27f822fe426496af71205fa35208e58823fcf6 https://github.com/MasaCMS/MasaCMS/security/advisories/GHSA-cj9g-v5mq-qrjm

Benzer Kayıtlar

High

CVE-2025-66492

Masa CMS is an open source Enterprise Content Management platform. Versions 7.2.8 and below, 7.3.1 through 7.3.13, 7.4.0…

High

CVE-2024-32642

Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, there is vulnerabl…

High

CVE-2024-32643

Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, if the URL to the…