Vendor
Mura
Products
2
CVEs
5
Across products
5
Status
Private
Products
2- 3 CVEs
- 2 CVEs
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-47003 | Cri | 0.64 | 9.8 | 0.04 | Feb 1, 2023 | A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to bypass authentication via a crafted web request. | ||
| CVE-2017-15639 | Med | 0.46 | 6.5 | 0.07 | Oct 19, 2017 | tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypass intended access restrictions by leveraging the "draggable feeds" feature. | ||
| CVE-2010-3468 | 0.04 | — | 0.07 | Sep 29, 2010 | Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 before 5.1.498 and 5.2 before 5.2.2809, and Sava CMS 5 through 5.2, allows remote attackers to read arbitrary files via a .. (dot dot) in the FILEID parameter to the default URI under tasks/render/file/. | |||
| CVE-2025-67829 | 0.00 | — | 0.00 | Mar 18, 2026 | Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection. | |||
| CVE-2025-67830 | 0.00 | — | 0.00 | Mar 18, 2026 | Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection. |
- risk 0.64cvss 9.8epss 0.04
A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to bypass authentication via a crafted web request.
- risk 0.46cvss 6.5epss 0.07
tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypass intended access restrictions by leveraging the "draggable feeds" feature.
- CVE-2010-3468Sep 29, 2010risk 0.04cvss —epss 0.07
Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 before 5.1.498 and 5.2 before 5.2.2809, and Sava CMS 5 through 5.2, allows remote attackers to read arbitrary files via a .. (dot dot) in the FILEID parameter to the default URI under tasks/render/file/.
- CVE-2025-67829Mar 18, 2026risk 0.00cvss —epss 0.00
Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection.
- CVE-2025-67830Mar 18, 2026risk 0.00cvss —epss 0.00
Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection.