216.73.217.86

CVE-2024-32641

· Published 03/12/2025 17:15 · Modified 05/12/2025 14:47

Labels: CVE-2024-32641 2025-12-03CVE-2024-32641CWE-94[email protected]

Essential information

Published
03/12/2025 17:15
Modified
05/12/2025 14:47
Author
Creator
CVSS
9.8 CRITICAL (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

Masa CMS is an open source Enterprise Content Management platform. Masa CMS versions prior to 7.2.8, 7.3.13, and 7.4.6 are vulnerable to remote code execution. The vulnerability exists in the addParam function, which accepts user input via the criteria parameter. This input is subsequently evaluated by setDynamicContent, allowing an unauthenticated attacker to execute arbitrary code via the m tag. The vulnerability is patched in versions 7.2.8, 7.3.13, and 7.4.6.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
masacms / masacms cpe:2.3:a:masacms:masacms:*:*:*:*:*:*:*:*
masacms / masacms cpe:2.3:a:masacms:masacms:*:*:*:*:*:*:*:*
masacms / masacms cpe:2.3:a:masacms:masacms:*:*:*:*:*:*:*:*

References