{"id":"CVE-2024-32640","summary":"MasaCMS SQL Injection vulnerability","details":"MASA CMS is an Enterprise Content Management platform based on open source technology. Versions prior to 7.4.5, 7.3.12, and 7.2.7 contain a SQL injection vulnerability in the `processAsyncObject` method that can result in remote code execution. Versions 7.4.5, 7.3.12, and 7.2.7 contain a fix for the issue.","aliases":["GHSA-24rr-gwx3-jhqc"],"modified":"2026-04-10T05:12:15.350995Z","published":"2025-08-11T20:38:56.268Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/32xxx/CVE-2024-32640.json","cna_assigner":"GitHub_M","cwe_ids":["CWE-89"]},"references":[{"type":"WEB","url":"https://www.seebug.org/vuldb/ssvid-99835"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/32xxx/CVE-2024-32640.json"},{"type":"ADVISORY","url":"https://github.com/MasaCMS/MasaCMS/security/advisories/GHSA-24rr-gwx3-jhqc"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32640"},{"type":"FIX","url":"https://github.com/MasaCMS/MasaCMS/commit/259fc6061d022d5025a3289a3f8de9852ad9c91d"},{"type":"FIX","url":"https://github.com/MasaCMS/MasaCMS/commit/280489e2d6c8daf5022fdb0225235462dd9d4534"},{"type":"FIX","url":"https://github.com/MasaCMS/MasaCMS/commit/3d6319b8775bb6438bc822d845926990511f5075"},{"type":"PACKAGE","url":"https://github.com/Stuub/CVE-2024-32640-SQLI-MuraCMS"},{"type":"ARTICLE","url":"https://projectdiscovery.io/blog/hacking-apple-with-sql-injection?ref=projectdiscovery-io-blog-newsletter"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/masacms/masacms","events":[{"introduced":"0"},{"fixed":"259fc6061d022d5025a3289a3f8de9852ad9c91d"}]},{"type":"GIT","repo":"https://github.com/masacms/masacms","events":[{"introduced":"0"},{"fixed":"280489e2d6c8daf5022fdb0225235462dd9d4534"}]},{"type":"GIT","repo":"https://github.com/masacms/masacms","events":[{"introduced":"0"},{"fixed":"3d6319b8775bb6438bc822d845926990511f5075"}]}],"versions":["5.5","6.2.6161","6.2.6527","7.0.6919","7.0.6930","7.0.6967","7.1.107","7.1.110","7.1.111","7.1.117","7.1.123","7.1.124","7.1.131","7.1.142","7.1.161","7.1.163","7.1.164","7.1.177","7.1.178","7.1.189","7.1.190","7.1.204","7.1.241","7.1.250","7.1.257","7.1.264","7.1.280","7.1.281","7.1.310","7.1.322","7.1.323","7.1.333","7.1.341","7.1.343","7.1.344","7.1.348","7.1.353","7.1.363","7.1.383","7.1.389","7.1.393","7.1.408","7.1.415","7.1.426","7.1.427","7.1.428","7.1.431","7.1.432","7.1.433","7.1.435","7.1.457","7.1.464","7.1.472","7.1.496","7.1.75","7.1.79","7.1.83","7.1.84","7.1.85","7.1.89","7.1.92","7.1.96","7.2.0","7.2.1","7.2.2","7.2.3","7.2.4","7.2.5","7.2.6","7.3","7.3.1","7.3.10","7.3.11","7.3.2","7.3.3","7.3.4","7.3.5","7.3.6","7.3.7","7.3.8","7.3.9","7.4.0","7.4.0-alpha.1","7.4.0-alpha.2","7.4.0-beta.1","7.4.0-beta.2","7.4.0-beta.3","7.4.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-32640.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}