Analysis and contextual insights are available on OpenCVE Cloud.
Vendor Solution
No solution has been reported as yet.
Tracking
Sign in to view the affected projects.
No advisories yet.
Mon, 13 Jul 2026 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-79 | CWE-94 |
| Metrics |
cvssV4_0
|
cvssV4_0
|
Mon, 13 Jul 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 13 Jul 2026 12:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Versions of Mura CMS prior to 10.0.712 contain a critical remote code execution (RCE) vulnerability. The flaw is located in the endpoint “/index.cfm/_api/json/v1/default”, where the “method” parameter in POST requests is not properly validated or sanitised before being processed by the ColdFusion engine. As a result, a remote attacker could exploit this vulnerability to inject and execute arbitrary CFML (ColdFusion Markup Language) expressions and instantiate malicious Java objects, thereby compromising the system’s security. | |
| Title | Remote code execution in Mura Software’s CMS | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV4_0
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: INCIBE
Published:
Updated: 2026-07-13T13:06:34.313Z
Reserved: 2026-06-15T09:03:20.490Z
Link: CVE-2026-12257
Updated: 2026-07-13T13:06:30.915Z
No data.
No data.
OpenCVE Enrichment
No data.