CNNVD-202512-386 Information
Dec 03, 2025
cve
CNNVD ID
CNNVD-202512-386
Related CVE
- CNNVD Published: 2025-12-03
Description (Chinese)
Masa CMS是一个数字体验平台。 Masa CMS 7.2.8之前版本、7.3.13之前版本和7.4.6之前版本存在代码注入漏洞,该漏洞源于addParam函数接受用户输入并通过setDynamicContent评估,可能导致远程代码执行。
Description (English)
Masa CMS is a digital experience platform. Before Masa CMS 7.2.8, before 7.3.13 and before 7.4.6, there is a code-injecting loophole, which originates from the addParam function, which receives input from users and is assessed through setDynamicContent, which may result in remote code execution.
Hazard Level
Low
Vulnerability Type
代码注入
Published
2025-12-03
Last Modified
2026-02-24
References
https://github.com/MasaCMS/MasaCMS/security/advisories/GHSA-cj9g-v5mq-qrjm https://github.com/MasaCMS/MasaCMS/commit/fb27f822fe426496af71205fa35208e58823fcf6 https://access.redhat.com/security/cve/cve-2024-32641
Patch
https://github.com/MasaCMS/MasaCMS/releases
Share on: