Platform
other
Component
masacms
Fixed in
7.4.1
7.3.1
7.2.9
CVE-2024-32641 is a critical Remote Code Execution (RCE) vulnerability discovered in Masa CMS. This flaw allows an unauthenticated attacker to execute arbitrary code on a vulnerable system. The vulnerability impacts versions of Masa CMS prior to 7.2.8, 7.3.13, and 7.4.6, and is resolved in version 7.4.1.
The impact of this RCE vulnerability is severe. An attacker can leverage it to gain complete control over a vulnerable Masa CMS installation. This includes the ability to execute arbitrary commands, access sensitive data, modify website content, and potentially pivot to other systems on the network. The lack of authentication required for exploitation significantly broadens the attack surface, making it a high-priority risk. Successful exploitation could lead to data breaches, website defacement, and complete system compromise.
CVE-2024-32641 was published on 2025-12-03. Public proof-of-concept (POC) code is likely to emerge given the ease of exploitation and the critical severity. The vulnerability's simplicity and lack of authentication requirements suggest a high probability of exploitation. It has not yet been added to the CISA KEV catalog.
Organizations utilizing Masa CMS for content management, particularly those running versions prior to 7.4.1, are at significant risk. Shared hosting environments where multiple websites share the same server instance are especially vulnerable, as a compromise of one site could potentially lead to the compromise of others.
• linux / server: Monitor web server access logs for requests containing the 'm' tag or unusual characters within the criteria parameter. Use journalctl -f to monitor Masa CMS application logs for error messages related to input validation or code execution.
grep 'm tag' /var/log/apache2/access.log
• generic web: Use curl to test the vulnerable endpoint with a crafted payload containing the 'm' tag. Examine the response for signs of code execution.
curl -X POST -d 'criteria=...m tag...' <vulnerable_endpoint>
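As an added example (not code from the advisory or from the Masa CMS project), the log check above carried one step further: it parses combined-format access log lines, percent-decodes the query string and isolates the criteria parameter, so an encoded payload that a grep for the literal text would miss is still flagged. The sample log lines, the /json-api/ path and the `<m` pattern standing in for the 'm' tag are assumptions, since the page gives no exact indicator.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in Apache combined log format (not real traffic);
# the /json-api/ path is a placeholder for the Masa CMS JSON API endpoint.
SAMPLE_LOG = """\
203.0.113.5 - - [03/Dec/2025:10:00:01 +0000] "GET /json-api/?criteria=title%20eq%20hello HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [03/Dec/2025:10:00:02 +0000] "GET /json-api/?criteria=%3Cm%20tag%3E HTTP/1.1" 200 128 "-" "curl/8.0"
198.51.100.7 - - [03/Dec/2025:10:00:03 +0000] "GET /about/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Client IP, then the quoted request line and the status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# ASSUMPTION: the page does not give the exact form of the "m tag"; this
# placeholder treats an XML-style <m ...> tag as the indicator. Replace it
# with the pattern from the vendor advisory.
M_TAG_PATTERN = re.compile(r"<\s*m\b", re.IGNORECASE)
# Characters a benign criteria value is expected to use; anything else is "unusual".
ALLOWED = re.compile(r"^[A-Za-z0-9 _.,=-]*$")

def inspect_criteria(value: str) -> list[str]:
    """Return why a decoded criteria value looks suspicious (empty list if benign)."""
    reasons = []
    if M_TAG_PATTERN.search(value):
        reasons.append("m-tag")
    if not ALLOWED.match(value):
        reasons.append("unusual-chars")
    return reasons

def scan_log(text: str) -> list[dict]:
    """Flag log entries whose criteria query parameter fails inspect_criteria."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        # parse_qs percent-decodes, so %3Cm is seen as <m even though a grep
        # for the literal text on the raw line would miss it.
        query = urlsplit(m.group("target")).query
        for value in parse_qs(query, keep_blank_values=True).get("criteria", []):
            reasons = inspect_criteria(value)
            if reasons:
                hits.append({"ip": m.group("ip"), "criteria": value, "reasons": reasons})
    return hits

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ip']} criteria={hit['criteria']!r} reasons={hit['reasons']}")
```

Access logs record only the query string, so a POST body like the one in the curl test above is only visible with request-body logging or at a WAF.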
Exploit status
EPSS
0.98% (77th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-32641 is to immediately upgrade Masa CMS to version 7.4.1 or later. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) rule to filter requests containing the 'm' tag in the criteria parameter. Carefully review and sanitize all user input within the addParam function. Monitor Masa CMS logs for suspicious activity, particularly requests containing unusual characters or patterns in the 'criteria' parameter. After upgrading, confirm the fix by attempting to trigger the vulnerability with a crafted request and verifying that it is blocked.
Update Masa CMS to version 7.2.8, 7.3.13 or 7.4.6, or to a later version. This fixes the remote code execution vulnerability via the JSON API.
CVE-2024-32641 is a critical RCE vulnerability in Masa CMS versions ≤7.4.0 and <7.4.6, allowing unauthenticated attackers to execute arbitrary code.
You are affected if you are running Masa CMS versions prior to 7.2.8, 7.3.13, or 7.4.6. Upgrade to 7.4.1 or later to mitigate the risk.
Upgrade Masa CMS to version 7.4.1 or later. As a temporary workaround, implement a WAF rule to block requests containing the 'm' tag in the criteria parameter.
While no active exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of exploitation in the near future.
Refer to the official Masa CMS security advisory for detailed information and updates regarding CVE-2024-32641.