Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
MuraCMS through 10.1.10 contains a CSRF vulnerability in the bundle creation functionality (csettings.cfc createBundle method) that allows unauthenticated attackers to force administrators to create and save site bundles containing sensitive data to publicly accessible directories. This vulnerability enables complete data exfiltration including user accounts, password hashes, form submissions, email lists, plugins, and site content without administrator knowledge. This CSRF vulnerability enables complete data exfiltration from MuraCMS installations without requiring authentication. Attackers can force administrators to unknowingly create site bundles containing sensitive data, which are saved to publicly accessible web directories. The attack executes silently, leaving administrators unaware that confidential information has been compromised and is available for unauthorized download.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mura 安全漏洞
Vulnerability Description
Mura是Mura公司的一个内容管理系统。 Mura 10.1.10及之前版本存在安全漏洞,该漏洞源于捆绑包创建功能缺少CSRF令牌验证,可能导致数据渗漏。
CVSS Information
N/A
Vulnerability Type
N/A