CNNVD-202512-385 Information

CNNVD ID

CNNVD-202512-385

Related CVE

CVE-2024-32642

• CNNVD Published: 2025-12-03

Description (Chinese)

Masa CMS是一个数字体验平台。 Masa CMS 7.2.8之前版本、7.3.13之前版本和7.4.6之前版本存在授权问题漏洞，该漏洞源于主机头投毒，可能导致通过密码重置邮件进行账户接管。

Description (English)

Masa CMS is a digital experience platform. Before Masa CMS 7.2.8, before 7.3.13 and before 7.4.6, there was a mandate gap, which stemmed from the poisoning of the mainframe and could result in the account being taken over by re-mail with a password.

Hazard Level

High

Vulnerability Type

授权问题

Published

2025-12-03

Last Modified

2026-02-24

References

https://github.com/MasaCMS/MasaCMS/commit/7541b9c99fb9e32d1de6f2658750525cec1d8960 https://github.com/MasaCMS/MasaCMS/security/advisories/GHSA-qjm6-c8hx-ffh8 https://access.redhat.com/security/cve/cve-2024-32642

Patch

https://github.com/MasaCMS/MasaCMS/releases