CNNVD-202508-966 Information

CNNVD ID

CNNVD-202508-966

CVE-2024-32640

  • CNNVD Published: 2025-08-11

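Description (translated from Chinese)

Masa CMS is a digital experience platform. Masa CMS versions before 7.4.6, before 7.3.13, and before 7.2.8 contain an SQL injection vulnerability. The vulnerability stems from SQL injection in the processAsyncObject method and may lead to remote code execution.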

Description (English)

Masa CMS is a digital experience platform. Masa CMS versions before 7.4.6, before 7.3.13, and before 7.2.8 have an SQL injection vulnerability that originates in the processAsyncObject method and could lead to remote code execution.

Hazard Level

High

Vulnerability Type

SQL injection

Affected Vendor

Individual developer

Published

2025-08-11

Last Modified

2026-02-24

References

  • https://github.com/MasaCMS/MasaCMS/commit/280489e2d6c8daf5022fdb0225235462dd9d4534
  • https://github.com/MasaCMS/MasaCMS/releases/tag/7.2.8
  • https://github.com/MasaCMS/MasaCMS/releases/tag/7.4.6
  • https://projectdiscovery.io/blog/hacking-apple-with-sql-injection?ref=projectdiscovery-io-blog-newsletter
  • https://github.com/MasaCMS/MasaCMS/commit/259fc6061d022d5025a3289a3f8de9852ad9c91d
  • https://github.com/MasaCMS/MasaCMS/security/advisories/GHSA-24rr-gwx3-jhqc
  • https://github.com/MasaCMS/MasaCMS/commit/3d6319b8775bb6438bc822d845926990511f5075
  • https://github.com/MasaCMS/MasaCMS/releases/tag/7.3.13
  • https://github.com/Stuub/CVE-2024-32640-SQLI-MuraCMS
  • https://www.seebug.org/vuldb/ssvid-99835
  • https://access.redhat.com/security/cve/cve-2024-32640

Patch

https://github.com/MasaCMS/MasaCMS/releases
