.. / CVE-2022-47002

Exploit for Masa CMS - Authentication Bypass (CVE-2022-47002)

Description:

Masa CMS 7.2, 7.3, and 7.4-beta are susceptible to authentication bypass in the Remember Me function. An attacker can bypass authentication via a crafted web request and thereby obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.

Nuclei Template

View the template here CVE-2022-47002.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-47002.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-47002
https://hoyahaxa.blogspot.com/2023/01/preliminary-security-advisory.html
https://www.hoyahaxa.com/2023/01/preliminary-security-advisory.html
https://github.com/MasaCMS/MasaCMS/releases/tag/7.3.10
https://hoyahaxa.blogspot.com/2023/03/authentication-bypass-mura-masa.html