Another related topic: https://groups.google.com/g/mura-cms-developers/c/MpjNlYcs1MI
I released the full advisory on the Mura CMS / Masa CMS authentication bypass vulnerability (CVE-2022-47003 / CVE-2022-47002) today - Hoya Haxa: Authentication Bypass Vulnerability in Mura CMS and Masa CMS (CVE-2022-47003 and CVE-2022-47002). In addition to technical details about the vulnerability, I also share some thoughts on quick fixes for sites running older, unsupported open source Mura CMS that can’t immediately migrate to Masa CMS.
I know I’m a bit late on this, but I’ve created a patcher for Mura cms which automatically patches this vulnerability.
Maybe It will be useful to some of you :3