CVE-2022-47003
Published 2023-02-01
Priority P2 (65) · critical · 9.8 (CVSS 3.1) · AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: EPSS 3.64% (88.2nd percentile)
A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to bypass authentication via a crafted web request.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| murasoftware | mura_cms | < 10.0.580 | 10.0.580 |
Detection & IOCs (extracted from sources)
- url: /index.cfm/_api/json/v1/{{siteid}}/content/?fields=lastupdatebyid
- url: /admin/?muraAction=cEditProfile.edit
- cookie: userid={{uuid}}; userhash=
- Detect exploitation attempts by monitoring HTTP GET requests to /index.cfm/_api/json/v1/*/content/ with the 'fields=lastupdatebyid' parameter, which is used to harvest a valid admin UUID for the bypass.
- Detect authentication bypass attempts by monitoring requests to /admin/?muraAction=cEditProfile.edit that carry a 'userid' cookie with a UUID value but an empty 'userhash' cookie.
- Shodan fingerprinting queries for exposed Mura CMS instances: search for 'Generator: Mura CMS' or 'generator: mura cms' in HTTP headers/body.
- Extract the admin UUID from the JSON API response using the regex '"lastupdatebyid":"([A-F0-9-]+)"' — this UUID is then reused as the 'userid' cookie value to impersonate the admin.
- Extract the Mura CMS site ID from the page body using the regex 'siteid:"(.*?)"' — this value is required to construct the API endpoint used in the attack chain.
- The attack is a 3-step chain: (1) GET / to extract siteid, (2) query the JSON API with the siteid to harvest an admin UUID via 'lastupdatebyid', (3) send a crafted request to /admin/ with the UUID as the 'userid' cookie and an empty 'userhash' cookie to bypass authentication.
- The vulnerability is in the 'Remember Me' function (CWE-863: Incorrect Authorization). The empty 'userhash' cookie combined with a valid 'userid' UUID is the core bypass mechanism.
- The Nuclei template uses up to 2 redirects; detection logic must account for redirect chains when monitoring for this attack pattern.
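As an added defender-side illustration (not code from this page, from the Nuclei template, or from the Mura project), the following Python runs the two request-level indicators listed above over access-log lines: the content API queried with 'fields=lastupdatebyid', and the profile-edit request carrying a UUID 'userid' cookie with an empty 'userhash'. The log format (combined format with the Cookie header appended as a final quoted field), the client IPs, the site id "default" and the UUID are all constructed assumptions; the rule names are hypothetical. The response status is kept with each alert so that a 302 on the admin request, which the redirect note above warns about, does not cause the hit to be dropped.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample log (assumption): combined-format lines with the request's
# Cookie header appended as a last quoted field. IPs, site id and UUID are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Feb/2023:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 ""
203.0.113.7 - - [01/Feb/2023:10:00:02 +0000] "GET /index.cfm/_api/json/v1/default/content/?fields=lastupdatebyid HTTP/1.1" 200 812 ""
203.0.113.7 - - [01/Feb/2023:10:00:03 +0000] "GET /admin/?muraAction=cEditProfile.edit HTTP/1.1" 302 0 "userid=6A1F3C2E-8B4D-4E5F-9A0B-1C2D3E4F5A6B; userhash="
198.51.100.4 - - [01/Feb/2023:10:05:00 +0000] "GET /admin/?muraAction=cEditProfile.edit HTTP/1.1" 200 4096 "userid=6A1F3C2E-8B4D-4E5F-9A0B-1C2D3E4F5A6B; userhash=9f2c0e7b1d4a5c6e"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<cookies>[^"]*)"$'
)
# Content API path from the IoC list, with the site id as a wildcard segment.
API_PATH_RE = re.compile(r'^/index\.cfm/_api/json/v1/[^/]+/content/?$')
# The harvested admin id is a UUID, reused verbatim as the userid cookie.
UUID_RE = re.compile(r'^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$')


def parse_cookies(header):
    """Parse 'k=v; k2=' into a dict; an empty value is kept as ''."""
    cookies = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        cookies[name.strip()] = value.strip()
    return cookies


def analyse_request(method, target, cookies):
    """Return [(rule, detail), ...] for one request against the two IoCs above."""
    findings = []
    url = urlsplit(target)
    query = parse_qs(url.query)
    # IoC 1: admin UUID harvesting via fields=lastupdatebyid on the content API
    # (fields may be a comma-separated list, so each entry is checked).
    fields = {f.strip().lower() for v in query.get("fields", []) for f in v.split(",")}
    if method == "GET" and API_PATH_RE.match(url.path) and "lastupdatebyid" in fields:
        findings.append(("mura-uuid-harvest", url.path))
    # IoC 2: profile-edit request with a UUID userid cookie but an empty userhash.
    # An absent userhash is treated like an empty one (assumption, slightly
    # broader than the page's IoC, which names the empty cookie).
    if url.path == "/admin/" and query.get("muraAction") == ["cEditProfile.edit"]:
        userid = cookies.get("userid", "")
        if UUID_RE.match(userid) and cookies.get("userhash", "") == "":
            findings.append(("mura-rememberme-bypass", userid))
    return findings


def scan_log(lines):
    """Run analyse_request over log lines; keep the status so a 302 is not dropped."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip it rather than abort the scan
        for rule, detail in analyse_request(m["method"], m["target"], parse_cookies(m["cookies"])):
            alerts.append({"ip": m["ip"], "ts": m["ts"], "status": int(m["status"]),
                           "rule": rule, "detail": detail})
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG.splitlines()):
        print(alert)
```

On the constructed sample the second line raises the harvesting alert and the third raises the bypass alert despite its 302 response; the fourth line, a profile edit with a populated userhash, is the normal Remember Me flow and produces nothing. The two alerts sharing a client IP within seconds is the sequence the 3-step chain above describes, so correlating them by source address is the natural next step in a real pipeline.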
No detection rules found.
Nuclei: CVE-2022-47003 [CRITICAL] Mura CMS <10.0.580 - Authentication Bypass (nuclei · CVSS 9.8)
Mura CMS before 10.0.580 is susceptible to authentication bypass in the Remember Me function. An attacker can bypass authentication via a crafted web request and thereby obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
Template:
```yaml
id: CVE-2022-47003

info:
  name: Mura CMS <10.0.580 - Authentication Bypass
  author: iamnoooob,rootxharsh,pdresearch
  severity: critical
  description: |
    Mura CMS before 10.0.580 is susceptible to authentication bypass in the Remember Me function. An attacker can bypass authentication via a crafted web request and thereby obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the af
```
Wiz: CVE-2025-67830 [CRITICAL] Impact, Exploitability, and Mitigation Steps (blogs_wiz · CVSS 9.8)
## CVE-2025-67830: Mura CMS vulnerability analysis and mitigation
Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection. (Source: NVD)
- Score: 9.8 (CNA score 9.8), severity CRITICAL
- Published: March 18, 2026
- Affected technologies: Mura CMS (cpe:2.3:a:murasoftware:mura_cms)
- Has public exploit: No · Has CISA KEV exploit: No (KEV release date N/A, due date N/A)
- Exploitation probability percentile (EPSS): 12.2 · Exploitation probability (EPSS): N/A
- Wiz sources: Linux and Windows, severity CRITICAL, fix available; added Mar 21, 2026 and Mar 22, 2026
Wiz: CVE-2025-67829 [CRITICAL] Impact, Exploitability, and Mitigation Steps (blogs_wiz · CVSS 9.8)
## CVE-2025-67829: Mura CMS vulnerability analysis and mitigation
Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection. (Source: NVD)
- Score: 9.8 (CNA score 9.8), severity CRITICAL
- Published: March 18, 2026
- Affected technologies: Mura CMS (cpe:2.3:a:murasoftware:mura_cms)
- Has public exploit: No · Has CISA KEV exploit: No (KEV release date N/A, due date N/A)
- Exploitation probability percentile (EPSS): 12.2 · Exploitation probability (EPSS): N/A
- Wiz sources: Linux and Windows, severity CRITICAL, fix available; added Mar 20, 2026 and Mar 22, 2026
References
- http://mura.com
- https://hoyahaxa.blogspot.com/2023/01/preliminary-security-advisory.html
- https://hoyahaxa.blogspot.com/2023/03/authentication-bypass-mura-masa.html
- https://www.masacms.com/
- https://www.murasoftware.com/mura-cms/