Create Mura_CMS_index.cfm_api_json_v1_default_SQL_Injection_Vulnerability(CVE-2024-32640).md

2025-06-20 01:40:20 +00:00 · 2024-05-15 12:06:06 +08:00 · 2024-05-15 12:06:06 +08:00 · 490bf8c6be
commit 490bf8c6be
parent 50928b231d
1 changed files with 13 additions and 0 deletions
--- a/Mura_CMS_index.cfm_api_json_v1_default_SQL_Injection_Vulnerability(CVE-2024-32640).md
+++ b/Mura_CMS_index.cfm_api_json_v1_default_SQL_Injection_Vulnerability(CVE-2024-32640).md
@ -0,0 +1,13 @@
+
+## 		Mura CMS /index.cfm/_api/json/v1/default SQL Injection Vulnerability(CVE-2024-32640)
+
+|   **Vulnerability**  | 	Mura CMS /index.cfm/_api/json/v1/default SQL Injection Vulnerability(CVE-2024-32640) |
+| :----:   | :-----|
+|  **Chinese name**  |	Masa/Mura CMS /index.cfm/_api/json/v1/default/ SQL 注入漏洞（CVE-2024-32640） |
+| **CVSS core**  | 	8.6 |
+| **FOFA Query**  (click to view the results directly)| [	app="Mura-CMS"](https://en.fofa.info/result?qbase64=Ym9keT0iTXVyYSBDTVMiIHx8IGhlYWRlcj0iTXVyYSBDTVMiIHx8IGJhbm5lcj0iTXVyYSBDTVMi)|
+| **Number of assets affected**  | 		9849 |
+| **Description**  | Masa CMS is a digital experience platform, created by blueriver as Mura CMS, forked by We Are North. Masa CMS was designed to build ambitious web, multi-channel, business-to-business and business-to-employee applications, and create Flow in the digital experience for Content Managers, Content Contributors, Marketers and Developers.&nbsp;Mura CMS /index.cfm/_api/json/v1/default/ endpoint has an SQL injection vulnerability. Attackers can exploit this vulnerability to execute SQL commands and retrieve database data.|
+| **Impact** | 		Mura CMS /index.cfm/_api/json/v1/default/ endpoint has an SQL injection vulnerability. Attackers can exploit this vulnerability to execute SQL commands and retrieve database data.|
+
+![](https://s3.bmp.ovh/imgs/2024/05/15/e3c7cf8ea979ae28.gif)