CVE-2024-32640
- Source
- https://cve.org/CVERecord?id=CVE-2024-32640
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-32640.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-32640
- Aliases
-
- GHSA-24rr-gwx3-jhqc
- Published
- 2025-08-11T20:38:56.268Z
- Modified
- 2026-04-10T05:12:15.350995Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- MasaCMS SQL Injection vulnerability
- Details
-
MASA CMS is an Enterprise Content Management platform based on open source technology. Versions prior to 7.4.5, 7.3.12, and 7.2.7 contain a SQL injection vulnerability in the
processAsyncObjectmethod that can result in remote code execution. Versions 7.4.5, 7.3.12, and 7.2.7 contain a fix for the issue. - Database specific
{ "cwe_ids": [ "CWE-89" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/32xxx/CVE-2024-32640.json", "cna_assigner": "GitHub_M" }- References
-
- https://www.seebug.org/vuldb/ssvid-99835
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/32xxx/CVE-2024-32640.json
- https://github.com/MasaCMS/MasaCMS/security/advisories/GHSA-24rr-gwx3-jhqc
- https://nvd.nist.gov/vuln/detail/CVE-2024-32640
- https://github.com/MasaCMS/MasaCMS/commit/259fc6061d022d5025a3289a3f8de9852ad9c91d
- https://github.com/MasaCMS/MasaCMS/commit/280489e2d6c8daf5022fdb0225235462dd9d4534
- https://github.com/MasaCMS/MasaCMS/commit/3d6319b8775bb6438bc822d845926990511f5075
- https://github.com/Stuub/CVE-2024-32640-SQLI-MuraCMS
- https://projectdiscovery.io/blog/hacking-apple-with-sql-injection?ref=projectdiscovery-io-blog-newsletter
Affected packages
Git / github.com/masacms/masacms
Affected ranges
- Type
- GIT
- Repo
- https://github.com/masacms/masacms
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/masacms/masacms
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/masacms/masacms
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
5.*
5.5
6.*
6.2.6161
6.2.6527
7.*
7.0.6919
7.0.6930
7.0.6967
7.1.107
7.1.110
7.1.111
7.1.117
7.1.123
7.1.124
7.1.131
7.1.142
7.1.161
7.1.163
7.1.164
7.1.177
7.1.178
7.1.189
7.1.190
7.1.204
7.1.241
7.1.250
7.1.257
7.1.264
7.1.280
7.1.281
7.1.310
7.1.322
7.1.323
7.1.333
7.1.341
7.1.343
7.1.344
7.1.348
7.1.353
7.1.363
7.1.383
7.1.389
7.1.393
7.1.408
7.1.415
7.1.426
7.1.427
7.1.428
7.1.431
7.1.432
7.1.433
7.1.435
7.1.457
7.1.464
7.1.472
7.1.496
7.1.75
7.1.79
7.1.83
7.1.84
7.1.85
7.1.89
7.1.92
7.1.96
7.2.0
7.2.1
7.2.2
7.2.3
7.2.4
7.2.5
7.2.6
7.3
7.3.1
7.3.10
7.3.11
7.3.2
7.3.3
7.3.4
7.3.5
7.3.6
7.3.7
7.3.8
7.3.9
7.4.0
7.4.0-alpha.1
7.4.0-alpha.2
7.4.0-beta.1
7.4.0-beta.2
7.4.0-beta.3
7.4.1