Masa CMS SQL Injection Vulnerability in beanFeed Component

Vulnerability

A SQL injection vulnerability has been identified in Masa CMS versions through 7.5.2. The issue resides in the beanFeed.cfc component, specifically within the getQuery function, where the sortBy parameter is processed. The vulnerability arises because the application does not adequately sanitize or parameterize this input before it is used in dynamic SQL statements. This flaw allows an unauthenticated remote attacker to execute arbitrary SQL commands against the database. Exploitation of this vulnerability could lead to unauthorized access to sensitive data, modification or deletion of records, or escalation of privileges to gain administrative control over the CMS.

Impact

Exploitation of this vulnerability allows for arbitrary SQL command execution, potentially leading to unauthorized data access, data manipulation, or administrative privilege escalation within the CMS.

Remediation

Users are advised to upgrade to Masa CMS versions 7.2.10, 7.3.15, 7.4.10, or 7.5.3. If an immediate upgrade is not possible, it is recommended to configure Web Application Firewall (WAF) rules to block malicious SQL patterns in the sortBy parameter sent to beanFeed.cfc. Additionally, restrict network access to CMS administrative components to trusted IP addresses and ensure the database user account follows the principle of least privilege.
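The root cause described above is a sort parameter spliced into a dynamic SQL statement. Because ORDER BY identifiers cannot be bound as query parameters, the durable fix is to map the user-supplied value onto a fixed allow-list of columns and directions and reject everything else. The following is an added illustration of that pattern in Python against an in-memory SQLite table; it is not Masa CMS code, the `content` table, its columns and the `<column> [asc|desc]` input format are assumptions, and the rows are constructed sample data.

```python
import sqlite3
from typing import List, Tuple

# Assumed allow-list for a hypothetical "content" listing; only these tokens
# may ever appear in the ORDER BY clause.
ALLOWED_SORT_COLUMNS = {"title", "created", "views"}
ALLOWED_DIRECTIONS = {"asc", "desc"}


class InvalidSortError(ValueError):
    """Raised when a sortBy value is not on the allow-list (log it; do not query)."""


def parse_sort_by(sort_by: str) -> Tuple[str, str]:
    """Validate a user-supplied sortBy value such as 'created desc'.

    Assumed format: '<column> [asc|desc]'. The input is never copied into the
    SQL string; instead the returned tokens come from the allow-list sets.
    """
    parts = sort_by.strip().split()
    if len(parts) == 0 or len(parts) > 2:
        raise InvalidSortError(f"malformed sortBy: {sort_by!r}")
    column = parts[0].lower()
    direction = parts[1].lower() if len(parts) == 2 else "asc"
    if column not in ALLOWED_SORT_COLUMNS:
        raise InvalidSortError(f"unknown sort column: {parts[0]!r}")
    if direction not in ALLOWED_DIRECTIONS:
        raise InvalidSortError(f"unknown sort direction: {parts[1]!r}")
    return column, direction


def build_query(sort_by: str) -> str:
    """Build the listing query; raises before any untrusted text reaches SQL."""
    column, direction = parse_sort_by(sort_by)
    return f"SELECT title, created, views FROM content ORDER BY {column} {direction}"


def fetch_titles(conn: sqlite3.Connection, sort_by: str) -> List[str]:
    """Return the titles in the requested order, or raise InvalidSortError."""
    return [row[0] for row in conn.execute(build_query(sort_by))]


def make_demo_db() -> sqlite3.Connection:
    """Constructed sample data so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE content (title TEXT, created TEXT, views INTEGER)")
    conn.executemany(
        "INSERT INTO content VALUES (?, ?, ?)",
        [("Alpha", "2026-01-03", 5), ("Beta", "2026-01-01", 42), ("Gamma", "2026-01-02", 17)],
    )
    return conn


if __name__ == "__main__":
    db = make_demo_db()
    print(fetch_titles(db, "views desc"))   # ['Beta', 'Gamma', 'Alpha']
    try:
        fetch_titles(db, "title sideways")
    except InvalidSortError as exc:
        print("rejected:", exc)
```

Rejected values are worth logging centrally: a stream of InvalidSortError events against the sort parameter is a cheap detection signal, and the same allow-list gives a WAF rule a precise definition of what a legitimate value looks like rather than a blacklist of SQL keywords.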

Added: May 5, 2026, 8:26 PM
Updated: May 5, 2026, 8:26 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 3.1
exploitability: 8.3
remediation: 7.9
relevance: 7.5
threat: 0.0
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.