Security Notice: Mura CMS < 10.0.580 and Masa CMS < 7.3.10

Thanks @Zackster

If anyone needs to patch Mura manually, here is the code from MasaCMS: rememberme fix · MasaCMS/MasaCMS@e5ef29f · GitHub

Mentioned by Brian here: https://groups.google.com/g/mura-cms-developers/c/aZzYSPQNbi4/m/3eXgyCh6CwAJ?utm_medium=email&utm_source=footer&pli=1

Another related topic: https://groups.google.com/g/mura-cms-developers/c/MpjNlYcs1MI

2 Likes

I released the full advisory on the Mura CMS / Masa CMS authentication bypass vulnerability (CVE-2022-47003 / CVE-2022-47002) today - Hoya Haxa: Authentication Bypass Vulnerability in Mura CMS and Masa CMS (CVE-2022-47003 and CVE-2022-47002). In addition to technical details about the vulnerability, I also share some thoughts on quick fixes for sites running older, unsupported open source Mura CMS that can’t immediately migrate to Masa CMS.

Brian

1 Like

I know I’m a bit late on this, but I’ve created a patcher for Mura CMS which automatically patches this vulnerability.
https://github.com/emotions-ch/Mura-Patcher
Maybe it will be useful to some of you :3

Ori

3 Likes