{"id":"CVE-2022-47002","details":"A vulnerability in the Remember Me function of Masa CMS v7.2, 7.3, and 7.4-beta allows attackers to bypass authentication via a crafted web request.","modified":"2026-04-11T12:41:12.730823Z","published":"2023-02-01T14:15:08.873Z","database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:a:masacms:masacms:7.4.0:alpha1:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"7.4.0-alpha1"}]},{"cpe":"cpe:2.3:a:masacms:masacms:7.4.0:alpha2:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"7.4.0-alpha2"}]},{"cpe":"cpe:2.3:a:masacms:masacms:7.4.0:beta1:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"7.4.0-beta1"}]},{"cpe":"cpe:2.3:a:masacms:masacms:7.4.0:beta2:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"7.4.0-beta2"}]}]},"references":[{"type":"ADVISORY","url":"https://github.com/MasaCMS/MasaCMS/releases/tag/7.3.10"},{"type":"ADVISORY","url":"https://www.hoyahaxa.com/2023/01/preliminary-security-advisory.html"},{"type":"EVIDENCE","url":"https://www.hoyahaxa.com/2023/03/authentication-bypass-mura-masa.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/masacms/masacms","events":[{"introduced":"0"},{"fixed":"ccc903d866a9fbd533281915af4fccb95546cc73"},{"introduced":"484759c901bb04016eb8493d31dcf9dcdf129020"},{"fixed":"be3c014165e18a04858afe4b235e12a7e3352124"}],"database_specific":{"cpe":"cpe:2.3:a:masacms:masacms:*:*:*:*:*:*:*:*","source":["CPE_FIELD","REFERENCES"],"extracted_events":[{"introduced":"0"},{"fixed":"7.2.5"},{"introduced":"7.3"},{"fixed":"7.3.10"}]}}],"versions":["5.5","6.2.6161","6.2.6527","7.0.6919","7.0.6930","7.0.6967","7.1.107","7.1.110","7.1.111","7.1.117","7.1.123","7.1.124","7.1.131","7.1.142","7.1.161","7.1.163","7.1.164","7.1.177","7.1.178","7.1.189","7.1.190","7.1.204","7.1.241","7.1.250","7.1.257","7.1.264","7.1.280","7.1.281","7.1.310","7.1.322","7.1.323","7.1.333","7.1.341","7.1.343","7.1.344","7.1.348","7.1.353","7.1.363","7.1.383","7.1.389","7.1.393","7.1.408","7.1.415","7.1.426","7.1.427","7.1.428","7.1.431","7.1.432","7.1.433","7.1.435","7.1.457","7.1.464","7.1.472","7.1.496","7.1.75","7.1.79","7.1.83","7.1.84","7.1.85","7.1.89","7.1.92","7.1.96","7.2.0","7.2.2","7.2.3","7.2.4","7.3","7.3.1","7.3.2","7.3.3","7.3.4","7.3.5","7.3.6","7.3.7","7.3.8","7.3.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-47002.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}