CVE-2024-32641
Last modified
CVE-2024-32641 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Masa CMS is an open source Enterprise Content Management platform. Masa CMS versions prior to 7.2.8, 7.3.13, and 7.4.6 are vulnerable to remote code execution. EPSS estimates a 10.65% chance of exploitation in the next 30 days.
Description
Masa CMS is an open source Enterprise Content Management platform. Masa CMS versions prior to 7.2.8, 7.3.13, and 7.4.6 are vulnerable to remote code execution. The vulnerability exists in the addParam function, which accepts user input via the criteria parameter. This input is subsequently evaluated by setDynamicContent, allowing an unauthenticated attacker to execute arbitrary code via the m tag. The vulnerability is patched in versions 7.2.8, 7.3.13, and 7.4.6.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Masacms | Masacms | < 7.2.8 |
| Masacms | Masacms | >= 7.3, < 7.3.13 |
| Masacms | Masacms | >= 7.4.0, < 7.4.6 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-32641?
How severe is CVE-2024-32641?
How do I fix CVE-2024-32641?
Are you affected by CVE-2024-32641?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST