CVE-2026-40330 | Masa CMS up to 7.2.9/7.3.14/7.4.9/7.5.2 beanFeed.cfc getQuery sortDirection sql injection (GHSA-56cc-gxfr-hqp8)

Inserito da Angelo Barbosa | Mag 5, 2026 | CVE

A vulnerability was found in Masa CMS up to 7.2.9/7.3.14/7.4.9/7.5.2 and classified as critical. The affected element is the function getQuery of the file beanFeed.cfc. Executing a manipulation of the argument sortDirection can lead to sql injection.

This vulnerability is handled as CVE-2026-40330. The attack can be executed remotely. There is not any exploit available.

It is suggested to upgrade the affected component.

CVE-2026-40330 | Masa CMS up to 7.2.9/7.3.14/7.4.9/7.5.2 beanFeed.cfc getQuery sortDirection sql injection (GHSA-56cc-gxfr-hqp8)

Post correlati

CVE-2024-13589 | johnnya23 YouTube Playlists with Schema Plugin up to 2.6.1 on WordPress Shortcode yt_grid cross site scripting

CVE-2026-22165 | Imagination Graphics DDK up to 1.18 RTM/23.2 RTM/24.2 RTM/25.3 RTM use after free

CVE-2024-57928 | Linux Kernel up to 6.12.9/6.13-rc6 netfs_read_to_pagecache buffer overflow

CVE-2024-5930 | VIPRE Advanced Security permission