PRP: Request SQLi in Mura/Masa CMS (CVE-2024-32640)

[W0ngL1]

Hi there.

I would like to start implementing a plugin to detect SQLi in Mura/Masa CMS (CVE-2024-32640). This vulnerability was published on May 2024, and Apple has been hacked cause this vulnerability, https://blog.projectdiscovery.io/hacking-apple-with-sql-injection/.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-32640
https://blog.projectdiscovery.io/hacking-apple-with-sql-injection/

Description:
Mura CMS and Masa CMS are content management systems designed to facilitate the creation, management, and deployment of digital content for websites and web applications. Both CMS platforms offer robust features tailored to different needs, though they share some common capabilities.

Affected Versions:
Masa CMS < 7.4.6/7.3.13/7.2.8

Thanks.

[github-actions]

Welcome to the Tsunami patch reward program!

Your issue has been added to our triage queue and will reviewed
shortly. The panel usually takes a decision once per week, so it
can take up to a week before you hear back from us.

Please, do not start the work until the panel has reached a
decision. Although we always welcome contributions, unapproved
work is not eligible for a reward.

~The Tsunami PRP team

[github-actions]

This message is addressed to the Tsunami panel.

Contributor stats

• The contributor has 1 issues tagged as main;
• The contributor has 0 issues tagged as queue.

Useful links

• All open issues from this contributor
• All open PRs from this contributor

[tooryx]

Hi @W0ngL1,

We are not interested in this detector.
Thank you,
~tooryx