CVE-2026-40329 | Masa CMS up to 7.2.9/7.3.14/7.4.9/7.5.2 beanFeed.cfc getQuery sortBy sql injection (GHSA-3xpq-q494-8qq4)

Inserito da Angelo Barbosa | Mag 5, 2026 | CVE

A vulnerability was found in Masa CMS up to 7.2.9/7.3.14/7.4.9/7.5.2. It has been classified as critical. The impacted element is the function getQuery of the file beanFeed.cfc. The manipulation of the argument sortBy leads to sql injection.

This vulnerability is uniquely identified as CVE-2026-40329. The attack is possible to be carried out remotely. No exploit exists.

Upgrading the affected component is recommended.

CVE-2026-40329 | Masa CMS up to 7.2.9/7.3.14/7.4.9/7.5.2 beanFeed.cfc getQuery sortBy sql injection (GHSA-3xpq-q494-8qq4)

Post correlati

CVE-2023-7217 | libEBML MemIOCallback::read integer overflow

CVE-2026-2339 | Tubitak Bilgem Liderahenk up to 3.3.x missing authentication

CVE-2025-48491 | aryan6673 project-ai prior pre-beta API Key hard-coded credentials

CVE-2024-3766 | slowlyo OwlAdmin up to 3.5.7 Image File Upload /admin-api/upload_image file cross site scripting