Update GobyVuls-Document.md

GobyVuls-Document.md

@@ -2,8 +2,20 @@
 The following content is an updated vulnerability from Goby. Some of the vulnerabilities are recorded on the screen for easy viewing.
 
 
-**Updated document date: April 26, 2024** 
+**Updated document date: May 15, 2024** 
 
+## 		Mura CMS /index.cfm/_api/json/v1/default SQL Injection Vulnerability(CVE-2024-32640)
+
+|   **Vulnerability**  | 	Mura CMS /index.cfm/_api/json/v1/default SQL Injection Vulnerability(CVE-2024-32640) |
+| :----:   | :-----|
+|  **Chinese name**  |	Masa/Mura CMS /index.cfm/_api/json/v1/default/ SQL 注入漏洞（CVE-2024-32640） |
+| **CVSS core**  | 	8.6 |
+| **FOFA Query**  (click to view the results directly)| [	app="Mura-CMS"](https://en.fofa.info/result?qbase64=Ym9keT0iTXVyYSBDTVMiIHx8IGhlYWRlcj0iTXVyYSBDTVMiIHx8IGJhbm5lcj0iTXVyYSBDTVMi)|
+| **Number of assets affected**  | 		9849 |
+| **Description**  | Masa CMS is a digital experience platform, created by blueriver as Mura CMS, forked by We Are North. Masa CMS was designed to build ambitious web, multi-channel, business-to-business and business-to-employee applications, and create Flow in the digital experience for Content Managers, Content Contributors, Marketers and Developers. Mura CMS /index.cfm/_api/json/v1/default/ endpoint has an SQL injection vulnerability. Attackers can exploit this vulnerability to execute SQL commands and retrieve database data.|
+| **Impact** | 		Mura CMS /index.cfm/_api/json/v1/default/ endpoint has an SQL injection vulnerability. Attackers can exploit this vulnerability to execute SQL commands and retrieve database data.|
+
+![](https://s3.bmp.ovh/imgs/2024/05/15/e3c7cf8ea979ae28.gif)
 
 ## 	CrushFTP /WebInterface/function File Read Vulnerability