Security Notice: Mura CMS < 10.0.580 and Masa CMS < 7.3.10

Thanks @Zackster

If anyone needs to patch Mura Manually, here is the code from MasaCMS: rememberme fix · MasaCMS/MasaCMS@e5ef29f · GitHub

Mentioned by Brian here:

Another related topic:


I released the full advisory on the Mura CMS / Masa CMS authentication bypass vulnerability (CVE-2022-47003 / CVE-2022-47002) today - Hoya Haxa: Authentication Bypass Vulnerability in Mura CMS and Masa CMS (CVE-2022-47003 and CVE-2022-47002). In addition to technical details about the vulnerability, I also share some thoughts on quick fixes for sites running older, unsupported open source Mura CMS that can’t immediately migrate to Masa CMS.


1 Like

I know I’m a bit late on this, but I’ve created a patcher for Mura cms which automatically patches this vulnerability.
Maybe It will be useful to some of you :3