Security Notice: Mura CMS < 10.0.580 and Masa CMS < 7.3.10

Thanks @Zackster

If anyone needs to patch Mura Manually, here is the code from MasaCMS: rememberme fix · MasaCMS/MasaCMS@e5ef29f · GitHub

Mentioned by Brian here: https://groups.google.com/g/mura-cms-developers/c/aZzYSPQNbi4/m/3eXgyCh6CwAJ?utm_medium=email&utm_source=footer&pli=1

Another related topic: https://groups.google.com/g/mura-cms-developers/c/MpjNlYcs1MI

2 Likes

I released the full advisory on the Mura CMS / Masa CMS authentication bypass vulnerability (CVE-2022-47003 / CVE-2022-47002) today - Hoya Haxa: Authentication Bypass Vulnerability in Mura CMS and Masa CMS (CVE-2022-47003 and CVE-2022-47002). In addition to technical details about the vulnerability, I also share some thoughts on quick fixes for sites running older, unsupported open source Mura CMS that can’t immediately migrate to Masa CMS.

Brian

1 Like