CVE-2025-67829

Critical CVSS: 9.8

Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection.

Vendor

Product

CWE

Yayın Tarihi

2026-03-18 16:16:24

Güncelleme

2026-03-20 18:08:44

Source Identifier

cve@mitre.org

KEV Date Added

CWE-89 Mura Cms CRITICAL Murasoftware 2026

https://docs.murasoftware.com/v10/release-notes/#section-version-1014

Critical

CVE-2025-67830

Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection.

High

CVE-2025-55040

The import form CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to upload and install malicious form defi…

High

CVE-2025-55041

MuraCMS through 10.1.10 contains a CSRF vulnerability in the Add To Group functionality for user management (cUsers.cfc…

Medium

CVE-2025-55043

MuraCMS through 10.1.10 contains a CSRF vulnerability in the bundle creation functionality (csettings.cfc createBundle m…

High

CVE-2025-55044

The Trash Restore CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to restore deleted content from the tra…

High

CVE-2025-55045

The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user address information…