← Back

CVE-2024-32641

nvd nist
Published: Dec 3, 2025Modified: Jun 17, 2026

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: security-advisories@github.com (Secondary)

Description

Masa CMS is an open source Enterprise Content Management platform. Masa CMS versions prior to 7.2.8, 7.3.13, and 7.4.6 are vulnerable to remote code execution. The vulnerability exists in the addParam function, which accepts user input via the criteria parameter. This input is subsequently evaluated by setDynamicContent, allowing an unauthenticated attacker to execute arbitrary code via the m tag. The vulnerability is patched in versions 7.2.8, 7.3.13, and 7.4.6.

Affected (3)

Products: Masacms: Masacms
1 product
Masacms
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Masacms
Before 7.2.8
From 7.3 to 7.3.13
From 7.4.0 to 7.4.6

References (2)

Timeline

No history available yet.