CVE-2024-32641: Masacms Insecure Default Dynamic Content Flag
greprules fetch cve-2024-32641-masacms-insecure-default-dynamic-content-flag --engine opengrep
Description
Masa CMS / Mura CMS configBean sets enableDynamicContent, enableMuraTag, or sharableRemoteSessions to true by default. With these flags enabled, the setDynamicContent renderer treats user input containing [m]...[/m] (or [mura]/[sava]) tags as live CFML and passes the inner expression to evaluate(), enabling pre-authentication remote code execution (CVE-2024-
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided