CVE-2024-32642
- EPSS 0.16%
- Veröffentlicht 03.12.2025 16:37:53
- Zuletzt bearbeitet 05.12.2025 15:36:02
Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, there is vulnerable to host header poisoning which allows account takeover via password reset email. This vulnerability is fixed in 7.2.8, 7.3.13, a...
CVE-2024-32641
- EPSS 10.65%
- Veröffentlicht 03.12.2025 16:26:00
- Zuletzt bearbeitet 05.12.2025 14:47:50
Masa CMS is an open source Enterprise Content Management platform. Masa CMS versions prior to 7.2.8, 7.3.13, and 7.4.6 are vulnerable to remote code execution. The vulnerability exists in the addParam function, which accepts user input via the criter...
CVE-2024-32640
- EPSS 68.59%
- Veröffentlicht 11.08.2025 21:15:26
- Zuletzt bearbeitet 15.04.2026 00:35:42
MASA CMS is an Enterprise Content Management platform based on open source technology. Versions prior to 7.4.5, 7.3.12, and 7.2.7 contain a SQL injection vulnerability in the `processAsyncObject` method that can result in remote code execution. Versi...
CVE-2022-47002
- EPSS 6.25%
- Veröffentlicht 01.02.2023 14:15:08
- Zuletzt bearbeitet 21.11.2024 07:31:23
A vulnerability in the Remember Me function of Masa CMS v7.2, 7.3, and 7.4-beta allows attackers to bypass authentication via a crafted web request.
CVE-2021-42183
- EPSS 4.51%
- Veröffentlicht 05.05.2022 14:15:07
- Zuletzt bearbeitet 21.11.2024 06:27:22
MasaCMS 7.2.1 is affected by a path traversal vulnerability in /index.cfm/_api/asset/image/.