Project Subscriptions
No data.
No advisories yet.
Solution
No solution has been reported as yet.
Workaround
No workaround given by the vendor.
Mon, 13 Jul 2026 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-79 | CWE-94 |
| Metrics |
cvssV4_0
|
cvssV4_0
|
Mon, 13 Jul 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 13 Jul 2026 12:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Versions of Mura CMS prior to 10.0.712 contain a critical remote code execution (RCE) vulnerability. The flaw is located in the endpoint “/index.cfm/_api/json/v1/default”, where the “method” parameter in POST requests is not properly validated or sanitised before being processed by the ColdFusion engine. As a result, a remote attacker could exploit this vulnerability to inject and execute arbitrary CFML (ColdFusion Markup Language) expressions and instantiate malicious Java objects, thereby compromising the system’s security. | |
| Title | Remote code execution in Mura Software’s CMS | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV4_0
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: INCIBE
Published:
Updated: 2026-07-13T13:06:34.313Z
Reserved: 2026-06-15T09:03:20.490Z
Link: CVE-2026-12257
Updated: 2026-07-13T13:06:30.915Z
No data.
No data.
OpenCVE Enrichment
No data.