Mura SQL Injection Vulnerability in beanFeed.cfc Allowing Query Manipulation

Vulnerability

A SQL injection vulnerability has been identified in Mura versions prior to 10.1.14, within the beanFeed.cfc component. The value of the 'sortby' parameter of the 'getQuery' function is incorporated into the SQL that the function generates without adequate validation, so a caller who controls that value can alter the query, potentially leading to unauthorized disclosure or manipulation of data.

Impact

Successful exploitation lets an attacker manipulate the database queries issued by the feed component. Depending on the privileges of the database account Mura uses and on the SQL dialect in play, this can lead to unauthorized data access, data modification, or, in some configurations, execution of administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a request that reaches the 'getQuery' function of the 'beanFeed.cfc' component and supply a 'sortby' value that is a SQL expression rather than a plain column name. Because the value lands in the sort position of the query, the injection is confirmed by comparing the order of the returned records (or any database error produced) against the result for a normal column name, or by inspecting the database's query log for the injected text.

Remediation

Users are advised to update to Mura version 10.1.14 or later, where this vulnerability has been addressed, and to confirm the installed version after updating. Until the update can be applied, the generic defense for this class of bug is to accept a sort value only when it matches a known column name and sort direction and to reject everything else; escaping is not sufficient, because a sort expression is not a quoted value and cannot be bound as a query parameter.
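The following is an added example illustrating the reproduction and remediation sections above; it is a Python/SQLite model of the bug class, not Mura's CFML code. The table, the columns, the probe expression and the function names (vulnerable_query, parse_sortby, safe_query) are assumptions made for the example. It shows how a sort value spliced into ORDER BY lets a caller infer the contents of rows that are never returned, and how an allowlist parser closes the hole.

```python
import sqlite3

# Added illustration of a feed query whose sort clause is assembled from
# caller input. Stand-in model in Python/SQLite, not Mura's code; the schema
# and function names are assumptions made for this example.


def make_db():
    """Build a constructed in-memory table standing in for a content feed."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE feed_items (
            id INTEGER PRIMARY KEY,
            title TEXT,
            published INTEGER,
            secret TEXT
        );
        INSERT INTO feed_items VALUES (1, 'Alpha', 1, 'tok-1');
        INSERT INTO feed_items VALUES (2, 'Beta',  0, 'tok-2');
        INSERT INTO feed_items VALUES (3, 'Gamma', 1, 'tok-3');
        """
    )
    return conn


def vulnerable_query(conn, sortby):
    """Vulnerable pattern: the sortby value is spliced straight into the SQL.

    A sort expression cannot be bound as a query parameter, so whatever the
    caller passes becomes part of the ORDER BY clause and is evaluated by the
    database.
    """
    sql = "SELECT id, title FROM feed_items WHERE published = 1 ORDER BY " + sortby
    return conn.execute(sql).fetchall()


# Constructed probe: the row with id=2 is unpublished and never returned, but
# the order of the published rows reveals whether the guess about its 'secret'
# column is right (ascending ids if true, descending if false).
PROBE_TEMPLATE = (
    "(CASE WHEN (SELECT secret FROM feed_items WHERE id = 2) = '{}' "
    "THEN id ELSE -id END)"
)

ALLOWED_COLUMNS = {"id", "title", "published"}
ALLOWED_DIRECTIONS = {"ASC", "DESC"}


def parse_sortby(sortby):
    """Allowlist parser: accept only '<column> [asc|desc]' items, comma separated.

    Anything else (expressions, subqueries, unknown columns) raises ValueError,
    so the only SQL that reaches the database is text this function wrote.
    """
    clauses = []
    for item in sortby.split(","):
        parts = item.split()
        if not 1 <= len(parts) <= 2:
            raise ValueError(f"malformed sort item: {item!r}")
        column = parts[0].lower()
        direction = parts[1].upper() if len(parts) == 2 else "ASC"
        if column not in ALLOWED_COLUMNS or direction not in ALLOWED_DIRECTIONS:
            raise ValueError(f"sort item not allowed: {item!r}")
        clauses.append(f'"{column}" {direction}')
    return ", ".join(clauses)


def safe_query(conn, sortby):
    """Hardened form: the ORDER BY text is generated from validated tokens only."""
    sql = (
        "SELECT id, title FROM feed_items WHERE published = 1 ORDER BY "
        + parse_sortby(sortby)
    )
    return conn.execute(sql).fetchall()


def is_rejected(sortby):
    """True if the allowlist parser refuses the value."""
    try:
        parse_sortby(sortby)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("right guess :", vulnerable_query(db, PROBE_TEMPLATE.format("tok-2")))
    print("wrong guess :", vulnerable_query(db, PROBE_TEMPLATE.format("nope")))
    print("hardened    :", safe_query(db, "title desc"))
    print("rejected    :", is_rejected(PROBE_TEMPLATE.format("tok-2")))
```

The probe never needs an error message or extra rows: two requests with different guesses return the same two records in different orders, which is exactly the "unexpected database behavior" a tester looks for in the sort position. The hardened path builds the clause from tokens it validated itself, so the same probe is refused before any SQL is run.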

Added: Mar 18, 2026, 5:31 PM
Updated: Mar 18, 2026, 5:31 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 2.5
exploitability: 7.9
remediation: 0.0
relevance: 4.1
threat: 1.6
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.