CVE-2022-47002
A vulnerability in the Remember Me function of Masa CMS v7.2, 7.3, and 7.4-beta allows attackers to bypass authentication via a crafted web request.
| Software | From | Fixed in |
|---|---|---|
| masacms / masacms | - | 7.2.5 |
| masacms / masacms | 7.4.0-alpha2 | 7.4.0-alpha2.x |
| masacms / masacms | 7.4.0-beta1 | 7.4.0-beta1.x |
| masacms / masacms | 7.4.0-beta2 | 7.4.0-beta2.x |
| masacms / masacms | 7.4.0-alpha1 | 7.4.0-alpha1.x |
| masacms / masacms | 7.3 | 7.3.10 |
- https://github.com/MasaCMS/MasaCMS/releases/tag/7.3.10
- https://hoyahaxa.blogspot.com/2023/01/preliminary-security-advisory.html
- https://hoyahaxa.blogspot.com/2023/03/authentication-bypass-mura-masa.html
- https://www.hoyahaxa.com/2023/01/preliminary-security-advisory.html
- https://www.hoyahaxa.com/2023/03/authentication-bypass-mura-masa.html
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime