CVE-2024-32640

Critical · Exploited in the wild · Nuclei template available

Masa CMS < 7.2.7 / 7.3.12 / 7.4.5 - SQL Injection in processAsyncObject

Title source: llm

Exploitation Summary

CVE-2024-32640 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 4 public exploits, from Stuub, pizza-power, 0xYumeko, and sammings. A Nuclei detection template is also available.

AI-analyzed exploit summary: This repository contains a functional Python script that detects and exploits a SQL injection vulnerability (CVE-2024-32640) in Mura CMS by sending a crafted POST request with an escape sequence (`%5c`, a URL-encoded backslash) in the `contenthistid` parameter. It also integrates with Ghauri for automated exploitation.

Description

Masa CMS is an Enterprise Content Management platform based on open source technology (it is a community fork of Mura CMS 7, which is why the public exploits and the Nuclei template refer to Mura CMS as well). Versions prior to 7.4.5, 7.3.12, and 7.2.7 contain a SQL injection vulnerability in the `processAsyncObject` method that can result in remote code execution. Versions 7.4.5, 7.3.12, and 7.2.7 contain a fix for the issue.
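The `%5c` that the exploit summaries send in `contenthistid` decodes to a single backslash. The following is an added example, not Masa CMS or Mura CMS source and not the query the product actually builds: it shows the generic mechanism by which a bare backslash defeats quote-only escaping inside a MySQL string literal, and the parameterised query that removes the problem. The `escape_quotes_only` sanitizer, the `content` table and its columns, and the `SLEEP(5)` payload are all hypothetical.

```python
import sqlite3

# Added example, not Masa CMS / Mura CMS source. The sanitizer, table and
# column names below are hypothetical; only the MySQL quoting rules are real.


def escape_quotes_only(value: str) -> str:
    """Insufficient sanitizer: escapes ' but leaves the backslash itself alone."""
    return value.replace("'", "\\'")


def build_vulnerable_query(contenthistid: str, previewid: str) -> str:
    """Hypothetical handler that concatenates two request parameters into SQL."""
    return (
        "SELECT id FROM content WHERE contenthistid='"
        + escape_quotes_only(contenthistid)
        + "' AND previewid='"
        + escape_quotes_only(previewid)
        + "'"
    )


def split_mysql_literals(sql: str) -> list:
    """Walk the query the way MySQL's lexer does: inside a single-quoted string a
    backslash escapes the next character and '' is a literal quote. Returns
    (kind, text) pairs, kind being 'code' or 'literal'."""
    tokens, buf, in_literal, i = [], [], False, 0
    while i < len(sql):
        ch = sql[i]
        if not in_literal:
            if ch == "'":
                if buf:
                    tokens.append(("code", "".join(buf)))
                buf, in_literal = [], True
            else:
                buf.append(ch)
        elif ch == "\\" and i + 1 < len(sql):          # \x -> x (swallows a quote too)
            buf.append(sql[i + 1])
            i += 1
        elif ch == "'" and sql[i + 1:i + 2] == "'":    # '' -> '
            buf.append("'")
            i += 1
        elif ch == "'":
            tokens.append(("literal", "".join(buf)))
            buf, in_literal = [], False
        else:
            buf.append(ch)
        i += 1
    if buf or in_literal:
        tokens.append(("literal" if in_literal else "code", "".join(buf)))
    return tokens


def sql_code_outside_literals(contenthistid: str, previewid: str) -> str:
    """Everything MySQL would execute as SQL code rather than treat as data."""
    sql = build_vulnerable_query(contenthistid, previewid)
    return "".join(text for kind, text in split_mysql_literals(sql) if kind == "code")


def safe_lookup(contenthistid: str, previewid: str) -> list:
    """Hardened form: a placeholder query keeps both values as data whatever they
    contain. sqlite3 is used only because it ships with Python; the fix is the
    placeholder, not the engine."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE content (id INTEGER, contenthistid TEXT, previewid TEXT)")
    con.execute("INSERT INTO content VALUES (1, 'abc', 'xyz')")   # constructed sample row
    rows = con.execute(
        "SELECT id FROM content WHERE contenthistid=? AND previewid=?",
        (contenthistid, previewid),
    ).fetchall()
    con.close()
    return rows


if __name__ == "__main__":
    backslash = "\\"                 # what %5c decodes to
    payload = " OR SLEEP(5)-- "      # hypothetical second parameter
    print(build_vulnerable_query(backslash, payload))
    print(sql_code_outside_literals(backslash, payload))   # SLEEP(5) is now SQL code
    print(sql_code_outside_literals("abc", "' OR SLEEP(5)-- "))  # quote alone is neutralised
    print(safe_lookup(backslash, payload))                 # [] : still plain data
```

With the backslash in the first parameter, the escaped closing quote is swallowed into the first literal, so the string runs on to the opening quote of the second parameter and the second parameter's content lands outside any literal. The same payload without the backslash is harmless under quote-only escaping, which is why a scanner that only tries `'` misses this class of bug.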

Exploits (4)

nomisec · Working PoC · 77 stars
by Stuub · infoleak
https://github.com/Stuub/CVE-2024-32640-SQLI-MuraCMS

Python script that detects and exploits the SQL injection by sending a crafted POST request with a URL-encoded backslash (`%5c`) in the `contenthistid` parameter, then hands the injection point to Ghauri for automated exploitation.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Mura CMS (version not specified)
No auth needed
Prerequisites: Python 3.x · requests library · Ghauri (optional for exploitation)
Analysis: devstral-2 · Feb 18, 2026
nomisec · Working PoC · 1 star
by pizza-power · poc
https://github.com/pizza-power/CVE-2024-32640

This repository contains a functional Python script demonstrating a time-based blind SQL injection exploit for CVE-2024-32640, targeting MySQL databases. It includes both vulnerability detection and data extraction capabilities (e.g., database name, user).

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: Mura/Masa CMS on a MySQL back end (versions not specified)
No auth needed
Prerequisites: Target URL with vulnerable endpoint · Network access to the target
Analysis: devstral-2 · Feb 18, 2026
nomisec · Working PoC · 1 star
by 0xYumeko · infoleak
https://github.com/0xYumeko/CVE-2024-32640-SQLI-MuraCMS

This repository contains a functional exploit script for CVE-2024-32640, a SQL injection vulnerability in Mura CMS. The script checks for vulnerability by sending a crafted POST request and confirms exploitation via Ghauri for further SQL injection attacks.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: Mura CMS
No auth needed
Prerequisites: Target URL · Ghauri installed for exploitation
Analysis: devstral-2 · Feb 18, 2026
nomisec · Working PoC
by sammings · infoleak
https://github.com/sammings/CVE-2024-32640

This repository contains a functional Python script that exploits a time-based SQL injection vulnerability in Mura CMS (CVE-2024-32640). The script sends a crafted POST request with a SLEEP-based payload to detect the vulnerability by measuring response time delays.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: Mura CMS
No auth needed
Prerequisites: Network access to the target Mura CMS instance · Python environment with 'requests' library
Analysis: devstral-2 · Feb 18, 2026

Nuclei Templates (1)

Mura/Masa CMS - SQL Injection
Critical · Verified · by iamnoooob, rootxharsh, pdresearch
Shodan: Generator: Masa CMS || generator: masa cms

Scores

CVSS v3 9.8
EPSS 0.6859
EPSS Percentile 99.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total
Note: the Vulnrichment SSVC values reflect CISA's assessment at the time of enrichment and are not reconciled with the VulnCheck KEV in-the-wild exploitation report above; "Exploitation none" here should not be read as evidence that no exploitation has occurred.

Details

VulnCheck KEV 2024-05-16
CWE
CWE-89
Status published
Products (3)
MasaCMS/MasaCMS < 7.2.7
MasaCMS/MasaCMS >= 7.3.0, < 7.3.12
MasaCMS/MasaCMS >= 7.4.0, < 7.4.5
Published Aug 11, 2025
Tracked Since Feb 18, 2026