SSD Advisory – MuraCMS Multiple Vulnerabilities

Vulnerabilities Summary
The following advisory describes two (2) vulnerabilities found in MuraCMS version 6.2. MuraCMS is an open source content management system for CFML, created by Blue River Interactive Group. Mura has been designed to be used by marketing departments, web designers and developers.

The vulnerabilities found in MuraCMS are:

  1. Unauthenticated remote arbitrary code execution
  2. Unrestricted file upload

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
Blue River has released a patch to address the vulnerabilities: “we put builds with the vulnerabilities patched and then released a blog as well as communicated via our Google group, Slack channel, twitter and mailing list.”

The patch and blog post can be found here
