SQL Injection in Masacms

CVE-2026-40330

Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, a SQL injection vulnerability exists in the beanFeed.cfc component within the getQue…

Vulnerability class: SQL Injection

EPSS: 0.003 (55.8th percentile) — read the EPSS interpretation.

Affected products

Masacms — versions <= 7.2.9, >= 7.3.0, <= 7.3.14, >= 7.4.0, <= 7.4.9

Weakness classification (CWE)

CWE-89 — SQL Injection

References

https://github.com/MasaCMS/MasaCMS/security/advisories/GHSA-56cc-gxfr-hqp8 (x_refsource_CONFIRM)