{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-32640","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2024-04-16T14:15:26.874Z","datePublished":"2025-08-11T20:38:56.268Z","dateUpdated":"2025-12-03T16:03:56.147Z"},"containers":{"cna":{"title":"MasaCMS SQL Injection vulnerability","problemTypes":[{"descriptions":[{"cweId":"CWE-89","lang":"en","description":"CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"name":"https://github.com/MasaCMS/MasaCMS/security/advisories/GHSA-24rr-gwx3-jhqc","tags":["x_refsource_CONFIRM"],"url":"https://github.com/MasaCMS/MasaCMS/security/advisories/GHSA-24rr-gwx3-jhqc"},{"name":"https://github.com/MasaCMS/MasaCMS/commit/259fc6061d022d5025a3289a3f8de9852ad9c91d","tags":["x_refsource_MISC"],"url":"https://github.com/MasaCMS/MasaCMS/commit/259fc6061d022d5025a3289a3f8de9852ad9c91d"},{"name":"https://github.com/MasaCMS/MasaCMS/commit/280489e2d6c8daf5022fdb0225235462dd9d4534","tags":["x_refsource_MISC"],"url":"https://github.com/MasaCMS/MasaCMS/commit/280489e2d6c8daf5022fdb0225235462dd9d4534"},{"name":"https://github.com/MasaCMS/MasaCMS/commit/3d6319b8775bb6438bc822d845926990511f5075","tags":["x_refsource_MISC"],"url":"https://github.com/MasaCMS/MasaCMS/commit/3d6319b8775bb6438bc822d845926990511f5075"},{"name":"https://github.com/Stuub/CVE-2024-32640-SQLI-MuraCMS","tags":["x_refsource_MISC"],"url":"https://github.com/Stuub/CVE-2024-32640-SQLI-MuraCMS"},{"name":"https://projectdiscovery.io/blog/hacking-apple-with-sql-i
njection?ref=projectdiscovery-io-blog-newsletter","tags":["x_refsource_MISC"],"url":"https://projectdiscovery.io/blog/hacking-apple-with-sql-injection?ref=projectdiscovery-io-blog-newsletter"},{"name":"https://www.seebug.org/vuldb/ssvid-99835","tags":["x_refsource_MISC"],"url":"https://www.seebug.org/vuldb/ssvid-99835"}],"affected":[{"vendor":"MasaCMS","product":"MasaCMS","versions":[{"version":">= 7.4.0, < 7.4.5","status":"affected"},{"version":">= 7.3.0, < 7.3.12","status":"affected"},{"version":"< 7.2.7","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2025-12-03T16:03:56.147Z"},"descriptions":[{"lang":"en","value":"MASA CMS is an Enterprise Content Management platform based on open source technology. Versions before 7.2.7, 7.3.x versions before 7.3.12, and 7.4.x versions before 7.4.5 contain a SQL injection vulnerability in the `processAsyncObject` method that can result in remote code execution. Versions 7.4.5, 7.3.12, and 7.2.7 contain a fix for the issue."}],"source":{"advisory":"GHSA-24rr-gwx3-jhqc","discovery":"UNKNOWN"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-08-11T20:59:02.553186Z","id":"CVE-2024-32640","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-08-11T20:59:20.872Z"}}]}}