Mura/Masa CMS JSON API RCE - Vulnerability Database

Mura/Masa CMS JSON API RCE

Description

Mura CMS (now known as Masa CMS) contains a critical Remote Code Execution vulnerability in its JSON API endpoint. The vulnerability stems from insufficient input validation of the 'method' parameter, which is passed directly to an evaluation function without proper sanitization. This allows unauthenticated attackers to inject and execute arbitrary code on the server, leading to complete system compromise.

Remediation

Immediately upgrade to the latest patched version of Mura CMS or Masa CMS that addresses this vulnerability. If immediate patching is not possible, implement the following temporary mitigations:

1. Restrict access to the JSON API endpoints at the network level using firewall rules or web application firewall (WAF) policies to allow only trusted IP addresses.
2. Disable the affected JSON API functionality if it is not required for business operations.
3. Monitor server logs for suspicious activity targeting JSON API endpoints, particularly requests with unusual 'method' parameter values.
4. Conduct a thorough security audit of the system to identify any signs of compromise if the vulnerability was previously exploitable.

After patching, review all user accounts and access logs to ensure no unauthorized access occurred.
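The log monitoring mitigation above, as an added example that is not part of this database entry or of Mura/Masa CMS itself: a small scanner over web server access logs that flags JSON API requests whose 'method' value is not a plain identifier or not on an allowlist of expected method names. The API path prefix, the allowlist contents and the log lines are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access log lines (combined-log style), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/May/2024:12:00:01 +0000] "GET /index.cfm/_api/json/v1/default/?method=findOne&entityname=content&contentid=123 HTTP/1.1" 200 512
203.0.113.5 - - [10/May/2024:12:00:02 +0000] "GET /index.cfm/_api/json/v1/default/?method=findMany&entityname=content HTTP/1.1" 200 2048
198.51.100.7 - - [10/May/2024:12:00:03 +0000] "GET /index.cfm/_api/json/v1/default/?method=no%20such%3Bthing HTTP/1.1" 500 128
198.51.100.7 - - [10/May/2024:12:00:04 +0000] "GET /index.cfm/_api/json/v1/default/?method=unexpectedName HTTP/1.1" 200 64
192.0.2.9 - - [10/May/2024:12:00:05 +0000] "GET /index.cfm/admin/?muraAction=cArch.login HTTP/1.1" 200 300
"""

# Assumed path prefix of the JSON API; adjust to the deployment being monitored.
API_PREFIX = "/index.cfm/_api/json/v1/"
# Assumed allowlist of method names the site legitimately calls; build it from
# the application's own API usage rather than copying this illustrative set.
KNOWN_METHODS = {"findOne", "findMany", "findAll", "findQuery", "validate"}
# A legitimate method name is a bare identifier; anything else (spaces,
# punctuation, operators) is not something the API should ever receive.
IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<verb>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def classify_method(value: str) -> str:
    """Return 'ok', 'unknown-method' or 'non-identifier' for one method value."""
    if value in KNOWN_METHODS:
        return "ok"
    if IDENT_RE.match(value):
        return "unknown-method"
    return "non-identifier"

def scan_log(text: str) -> list:
    """Yield one finding per suspicious 'method' value seen on the JSON API path.
    Only query-string parameters are visible in access logs; POST bodies need
    application-level logging or a WAF to inspect."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        if not parts.path.startswith(API_PREFIX):
            continue
        for value in parse_qs(parts.query, keep_blank_values=True).get("method", []):
            verdict = classify_method(value)
            if verdict != "ok":
                findings.append({"ip": m["ip"], "ts": m["ts"], "method": value,
                                 "verdict": verdict, "status": int(m["status"])})
    return findings

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['verdict']}: method={f['method']!r} status={f['status']}")
```

A 'non-identifier' hit is the strongest signal and should trigger the audit described above; 'unknown-method' hits are lower confidence and mainly serve to grow the allowlist or catch reconnaissance.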
