Masa CMS
cpe:2.3:a:masacms:masacms:*:*:*:*:*:*:*
- <= 7.5.2
A cross-site request forgery (CSRF) vulnerability has been identified in Masa CMS versions 7.5.2 and earlier, specifically within the content restoration feature. The issue arises because the 'cTrash.restore' function does not adequately validate anti-CSRF tokens, allowing an attacker to trick a logged-in administrator's browser into submitting a forged request that restores deleted items from the trash. These items can be placed in an attacker-controlled location on the site using the 'parentid' parameter. This vulnerability could be exploited to reinstate harmful or outdated content, expose sensitive documents by relocating them to public areas, and disrupt the overall site structure or content integrity.
Exploitation of this vulnerability allows for unauthorized restoration of deleted content, movement of sensitive documents into publicly accessible areas, disruption of the site's structural integrity, and reintroduction of outdated or non-compliant content that had been previously removed for security or legal reasons.
Users are advised to upgrade to Masa CMS versions 7.2.10, 7.3.15, 7.4.10, or 7.5.3. If an immediate upgrade is not possible, administrators can log out of the Masa CMS admin interface when not in use, perform administrative tasks in a private browsing window, configure a Web Application Firewall to block suspicious requests to the 'cTrash.cfc' endpoint, and regularly empty the trash to reduce the amount of content available for unauthorized restoration.
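As an added example (not code from Masa CMS or this advisory), the following Python script hunts an access log for restore requests to the 'cTrash.cfc' endpoint that arrive with a missing or off-site Referer, which is how a forged request from an attacker-controlled page would look. The log line format, the query shape (`method=restore`) and the parentid values are constructed assumptions for the sample data.

```python
import re
from urllib.parse import urlparse, parse_qs

# Assumed log shape (constructed for this example, not Masa CMS's real format):
# client_ip method path_with_query status "referer"
LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\d{3}) "([^"]*)"$')

# Constructed sample lines; the query shape and parentid values are placeholders.
SAMPLE_LOG = """\
10.0.0.5 POST /admin/cTrash.cfc?method=restore&parentid=PLACEHOLDER-A 200 "https://cms.example.test/admin/trash"
203.0.113.9 POST /admin/cTrash.cfc?method=restore&parentid=PLACEHOLDER-B 200 "https://evil.example.net/lure.html"
10.0.0.7 GET /admin/index.cfm 200 "https://cms.example.test/admin/"
198.51.100.4 POST /admin/cTrash.cfc?method=restore&parentid=PLACEHOLDER-C 302 "-"
"""

def parse_line(line):
    """Split one access-log line into its fields, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, method, target, status, referer = m.groups()
    return {"ip": ip, "method": method, "target": target,
            "status": int(status), "referer": referer}

def find_suspicious_restores(log_text, site_host):
    """Return requests to cTrash.cfc whose Referer is absent or names another host.

    A CSRF'd restore is submitted by the victim's own browser from a page the
    attacker controls, so the Referer (when present) points off-site. Browsers
    may also omit Referer under a strict referrer policy, so a missing value is
    flagged for review rather than treated as proof of forgery.
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or "ctrash.cfc" not in rec["target"].lower():
            continue
        ref_host = urlparse(rec["referer"]).hostname if rec["referer"] != "-" else None
        if ref_host == site_host:
            continue  # same-origin admin traffic: the expected case
        query = parse_qs(urlparse(rec["target"]).query)
        findings.append({
            "ip": rec["ip"],
            "referer_host": ref_host,
            "parentid": query.get("parentid", [None])[0],  # where content would be restored to
            "reason": "missing referer" if ref_host is None else "cross-site referer",
        })
    return findings

if __name__ == "__main__":
    for finding in find_suspicious_restores(SAMPLE_LOG, "cms.example.test"):
        print(finding)
```

Logs cannot show whether the anti-CSRF token was checked, so this is a triage heuristic for the interim period before upgrading, not a substitute for the fixed versions.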