From 490bf8c6be7994550de8b0b49639860030d5a5f2 Mon Sep 17 00:00:00 2001 From: Goby <50955360+gobysec@users.noreply.github.com> Date: Wed, 15 May 2024 12:06:06 +0800 Subject: [PATCH] Create Mura_CMS_index.cfm_api_json_v1_default_SQL_Injection_Vulnerability(CVE-2024-32640).md --- ...t_SQL_Injection_Vulnerability(CVE-2024-32640).md | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 Mura_CMS_index.cfm_api_json_v1_default_SQL_Injection_Vulnerability(CVE-2024-32640).md diff --git a/Mura_CMS_index.cfm_api_json_v1_default_SQL_Injection_Vulnerability(CVE-2024-32640).md b/Mura_CMS_index.cfm_api_json_v1_default_SQL_Injection_Vulnerability(CVE-2024-32640).md new file mode 100644 index 0000000..26bcde3 --- /dev/null +++ b/Mura_CMS_index.cfm_api_json_v1_default_SQL_Injection_Vulnerability(CVE-2024-32640).md 
@@ -0,0 +1,13 @@ + +## Mura CMS /index.cfm/_api/json/v1/default SQL Injection Vulnerability(CVE-2024-32640) + +| **Vulnerability** | Mura CMS /index.cfm/_api/json/v1/default SQL Injection Vulnerability(CVE-2024-32640) | +| :----: | :-----| +| **Chinese name** | Masa/Mura CMS /index.cfm/_api/json/v1/default/ SQL 注入漏洞(CVE-2024-32640) | +| **CVSS core** | 8.6 | +| **FOFA Query** (click to view the results directly)| [ app="Mura-CMS"](https://en.fofa.info/result?qbase64=Ym9keT0iTXVyYSBDTVMiIHx8IGhlYWRlcj0iTXVyYSBDTVMiIHx8IGJhbm5lcj0iTXVyYSBDTVMi)| +| **Number of assets affected** | 9849 | +| **Description** | Masa CMS is a digital experience platform, created by blueriver as Mura CMS, forked by We Are North. Masa CMS was designed to build ambitious web, multi-channel, business-to-business and business-to-employee applications, and create Flow in the digital experience for Content Managers, Content Contributors, Marketers and Developers. Mura CMS /index.cfm/_api/json/v1/default/ endpoint has an SQL injection vulnerability. Attackers can exploit this vulnerability to execute SQL commands and retrieve database data.| +| **Impact** | Mura CMS /index.cfm/_api/json/v1/default/ endpoint has an SQL injection vulnerability. Attackers can exploit this vulnerability to execute SQL commands and retrieve database data.| + +![](https://s3.bmp.ovh/imgs/2024/05/15/e3c7cf8ea979ae28.gif)
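Review bot: The table has no row for affected versions, the fixed release or a vendor advisory, and the **Impact** row repeats the last two sentences of **Description** word for word, so a reader cannot tell from this entry whether their install is exposed or what to upgrade to. Add those rows and let Impact state only the consequence. Smaller points in the same table: the row label "CVSS core" looks like a typo for "CVSS score", and 8.6 is given without a CVSS version or vector. The FOFA link text reads ` app="Mura-CMS"` (with a leading space), while the `qbase64` value decodes to `body="Mura CMS" || header="Mura CMS" || banner="Mura CMS"`, so the label and the linked query should be made to agree. The product is named Mura CMS in the heading, Masa/Mura CMS in the Chinese name and Masa CMS in the description, and the endpoint is written both with and without a trailing slash; pick one form of each. The closing image has empty alt text and sits on a third-party image host, so give it alt text saying what it shows.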