Description
The import form CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to upload and install malicious form definitions through a CSRF attack. The vulnerable cForm.importform function lacks CSRF token validation, so a malicious website can forge the file upload request and have the browser of an authenticated administrator who visits a crafted webpage install attacker-controlled forms. Full exploitation requires the victim to select a malicious ZIP file containing form definitions; the exploit page can generate that file automatically. Successful exploitation installs attacker-designed data collection forms on the target MuraCMS website, which appear as legitimate forms and can be used to harvest sensitive user information.
Published: 2026-03-18
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Form Installation
Action: Patch Now
AI Analysis

Impact

The MuraCMS import form CSRF vulnerability lets an attacker trick an authenticated administrator's browser into submitting a form-definition upload on the attacker's behalf, because cForm.importform does not validate a CSRF token and relies only on the session cookie the browser attaches automatically. A malicious website can stage the forged upload request so that, when the administrator visits it and selects the attacker-supplied ZIP, the forms it defines are installed on the CMS. Those forms render as ordinary site forms and can be designed to collect sensitive user data, turning the CMS into a data-collection point for the attacker.
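To make the missing check concrete, here is an added example in Python; it is not MuraCMS code and not taken from the CVE record. It models an upload handler that behaves the way the description says cForm.importform does (any authenticated POST carrying a ZIP is installed) beside a hardened handler that adds the two checks a CSRF defence needs: an Origin/Referer comparison against the site's own origin and a per-session synchronizer token. SITE_ORIGIN, the `csrf_token` and `importFile` field names, the Session/Request types and every request shown are assumptions constructed for this illustration.

```python
"""CSRF gate for an admin form-import endpoint.

Added illustration, not MuraCMS code. SITE_ORIGIN, the field names
"csrf_token" / "importFile" and the Session/Request types are assumptions.
"""
from __future__ import annotations

import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

SITE_ORIGIN = "https://cms.example.test"  # assumed origin of the admin UI


@dataclass
class Session:
    """Server-side session; the token is minted once per login and never sent cross-origin."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Minimal view of an incoming multipart POST after parsing."""
    headers: dict[str, str]
    form: dict[str, str]      # text fields of the multipart body
    files: dict[str, str]     # file field name -> uploaded filename
    session: Session | None   # resolved from the session cookie, if any


def _same_origin(url: str, origin: str) -> bool:
    """Compare scheme and host[:port] only; Referer carries a path, Origin does not."""
    a, b = urlsplit(url), urlsplit(origin)
    return (a.scheme, a.netloc) == (b.scheme, b.netloc)


def import_form_vulnerable(req: Request) -> str:
    """Behaviour the CVE describes: the session cookie alone authorises the install."""
    if req.session is None:
        return "401 not authenticated"
    if "importFile" not in req.files:
        return "400 no file"
    return f"200 installed {req.files['importFile']}"


def import_form_hardened(req: Request) -> str:
    """Same endpoint with the checks the vulnerable handler lacks."""
    if req.session is None:
        return "401 not authenticated"
    # Check 1: browsers set Origin (and usually Referer) on cross-site POSTs and a
    # page cannot forge either header. Fail closed when both are absent.
    source = req.headers.get("Origin") or req.headers.get("Referer")
    if not source or not _same_origin(source, SITE_ORIGIN):
        return "403 cross-site request rejected"
    # Check 2: the token is embedded in the HTML the admin UI rendered; a cross-origin
    # page cannot read it, so a forged body cannot carry it. Constant-time compare.
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token.encode(), req.session.csrf_token.encode()):
        return "403 missing or invalid CSRF token"
    if "importFile" not in req.files:
        return "400 no file"
    return f"200 installed {req.files['importFile']}"


def demo() -> dict[str, str]:
    """Run both handlers over constructed requests: one legitimate, three forged variants."""
    admin = Session(user="admin")
    legitimate = Request(
        headers={"Origin": SITE_ORIGIN, "Referer": SITE_ORIGIN + "/admin/"},  # assumed path
        form={"csrf_token": admin.csrf_token},
        files={"importFile": "contact-form.zip"},
        session=admin,
    )
    # Forged from the attacker's page: the browser attached the admin's cookie and the
    # admin picked the attacker-generated ZIP, but Origin/Referer name the attacker's site
    # and the body has no token the attacker could know.
    forged = Request(
        headers={"Origin": "https://attacker.example", "Referer": "https://attacker.example/lure.html"},
        form={}, files={"importFile": "harvest-form.zip"}, session=admin,
    )
    # Same forgery with headers suppressed (e.g. Referrer-Policy: no-referrer): still rejected.
    headerless = Request(headers={}, form={}, files={"importFile": "harvest-form.zip"}, session=admin)
    # Correct headers but no token: the second check catches it.
    no_token = Request(headers={"Origin": SITE_ORIGIN}, form={}, files={"importFile": "x.zip"}, session=admin)
    return {
        "vulnerable/legitimate": import_form_vulnerable(legitimate),
        "vulnerable/forged": import_form_vulnerable(forged),
        "hardened/legitimate": import_form_hardened(legitimate),
        "hardened/forged": import_form_hardened(forged),
        "hardened/headerless": import_form_hardened(headerless),
        "hardened/no-token": import_form_hardened(no_token),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:24} {result}")
```

The Origin check alone defeats the scenario in the description, since a cross-site page controls neither header; the token is defence in depth against a proxy that strips or rewrites them. Both checks fail closed when their inputs are absent, which is the right default for a state-changing admin endpoint.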

Affected Systems

The CVE description scopes the flaw to MuraCMS versions through 10.1.10. The CPE entry in the CNA data, cpe:2.3:a:murasoftware:mura_cms:-:*:*:*:*:*:*:*, carries no version component, so it does not independently confirm that range. The analysis cites version 10.1.14 as the release that fixed the issue, but the Remediation entry on this page records no vendor fix or workaround, so verify the fix version against the vendor's release notes before relying on it. Only MuraCMS is listed as affected; no other products appear in the available CNA data.

Risk and Exploitability

The CVSS 3.1 base score of 8.8 (vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) rates the flaw high: the attacker needs no privileges of their own, but user interaction from an authenticated administrator is required. The EPSS score below 1 % estimates a low probability of exploitation in the wild over the coming 30 days, and the SSVC assessment records Exploitation: none and Automatable: no. The vulnerability is not in CISA's KEV catalog, which means no confirmed exploitation has been reported there, not that none has occurred. Exploitation requires the attacker to host a crafted webpage and lure an administrator with a live MuraCMS session into visiting it and selecting the ZIP file the page supplies; the browser then submits the upload with the administrator's session cookie and the malicious forms are installed. The risk is therefore moderate to high for deployments whose administrators browse the web from the same browser profile that holds an admin session, particularly where the session cookie lacks a SameSite attribute.

Generated by OpenCVE AI on March 20, 2026 at 19:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade MuraCMS to a release that fixes the CSRF issue (the analysis above names 10.1.14; confirm against the vendor's release notes).
  • Audit the form definitions installed on the site and remove any that were not added through an approved change; check each form's fields and where its submissions are delivered, since a malicious form is designed to look legitimate.
  • Until patched, restrict access to the admin interface (for example to a VPN or allow‑listed addresses) and, where a reverse proxy fronts the site, reject POST requests to the import endpoint whose Origin or Referer header does not match the site's own origin.
  • Set the admin session cookie to SameSite=Lax or Strict so browsers do not attach it to cross‑site POSTs, and ensure administrator accounts use strong, unique passwords with two‑factor authentication. Note that 2FA does not stop CSRF, because the forged request rides an already authenticated session; it limits other misuse of the account.
  • Review access logs for POST requests to the import endpoint whose Referer is missing or points outside the site; these are the signature of a cross‑site submission.
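The log review in the last two actions can be scripted. The following is an added example, not MuraCMS tooling and not from the CVE record. It assumes the web server writes the Apache/nginx "combined" format (which records Referer but not Origin), that the admin UI is served from cms.example.test, and that import requests can be recognised by "cForm.importform" in the request path; the log lines are constructed for the illustration, not captured traffic.

```python
"""Hunt for cross-site submissions to an admin form-import endpoint in web access logs.

Added example; not MuraCMS tooling. Assumed: "combined" log format, the admin host
cms.example.test, and "cForm.importform" in the path of an import request.
"""
from __future__ import annotations

import re
from urllib.parse import urlsplit

SITE_HOST = "cms.example.test"      # assumed host of the MuraCMS admin UI
IMPORT_MARKER = "cform.importform"  # assumed; matched case-insensitively against the path

# combined format: ip ident user [time] "METHOD path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample: a legitimate page load and import, then three suspicious imports.
SAMPLE_LOG = """\
203.0.113.7 - - [18/Mar/2026:14:02:11 +0000] "GET /admin/?muraAction=cForm.importform HTTP/1.1" 200 5120 "https://cms.example.test/admin/" "Mozilla/5.0"
203.0.113.7 - - [18/Mar/2026:14:02:40 +0000] "POST /admin/?muraAction=cForm.importform HTTP/1.1" 302 0 "https://cms.example.test/admin/?muraAction=cForm.importform" "Mozilla/5.0"
203.0.113.7 - - [18/Mar/2026:14:31:05 +0000] "POST /admin/?muraAction=cForm.importform HTTP/1.1" 302 0 "https://attacker.example/lure.html" "Mozilla/5.0"
203.0.113.7 - - [18/Mar/2026:14:33:19 +0000] "POST /admin/?muraAction=cForm.importform HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [18/Mar/2026:14:35:00 +0000] "POST /admin/?muraAction=cForm.importform HTTP/1.1" 302 0 "https://cms.example.test.evil.example/x" "Mozilla/5.0"
"""


def classify_referer(referer: str) -> str | None:
    """Return a reason when the Referer does not prove a same-site submission, else None."""
    if referer in ("", "-"):
        return "no referer"           # stripped by Referrer-Policy or never sent: a lead, not proof
    host = urlsplit(referer).hostname  # lower-cased host only
    if host != SITE_HOST:              # exact match, so cms.example.test.evil.example fails
        return f"external referer {host}"
    return None


def find_cross_site_imports(log_text: str) -> list[dict]:
    """One finding per POST to the import endpoint whose Referer is missing or foreign."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or IMPORT_MARKER not in m["path"].lower():
            continue
        reason = classify_referer(m["referer"])
        if reason:
            findings.append({"ip": m["ip"], "time": m["time"],
                             "referer": m["referer"], "reason": reason})
    return findings


if __name__ == "__main__":
    for f in find_cross_site_imports(SAMPLE_LOG):
        print(f"{f['time']}  {f['ip']:15}  {f['reason']}")
```

A missing Referer is only a lead: some browsers and privacy extensions strip it on legitimate requests, so correlate hits with the administrator's own account of what they did at that time. The combined format does not record Origin, which browsers always send on cross-site POSTs; if you control the log format, add it (nginx exposes it as $http_origin) so future review does not depend on Referer alone.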

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 13:30:00 +0000

Type: Title
Values Removed: (none)
Values Added: CSRF Upload Exploit Enables Malicious Form Installation in MuraCMS

Fri, 20 Mar 2026 18:15:00 +0000

Type: CPEs
Values Removed: (none)
Values Added: cpe:2.3:a:murasoftware:mura_cms:-:*:*:*:*:*:*:*

Thu, 19 Mar 2026 09:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Murasoftware; Murasoftware mura Cms

Type: Vendors & Products
Values Removed: (none)
Values Added: Murasoftware; Murasoftware mura Cms

Wed, 18 Mar 2026 21:15:00 +0000

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-352

Type: Metrics
Values Removed: (none)
Values Added:
cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}
ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 18 Mar 2026 16:15:00 +0000

Type: Description
Values Removed: (none)
Values Added: The import form CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to upload and install malicious form definitions through a CSRF attack. The vulnerable cForm.importform function lacks CSRF token validation, enabling malicious websites to forge file upload requests that install attacker-controlled forms when an authenticated administrator visits a crafted webpage. Full exploitation of this vulnerability would require the victim to select a malicious ZIP file containing form definitions, which can be automatically generated by the exploit page and used to create data collection forms that steal sensitive information. Successful exploitation of the import form CSRF vulnerability could result in the installation of malicious data collection forms on the target MuraCMS website that can steal sensitive user information. When an authenticated administrator visits a malicious webpage containing the CSRF exploit and selects the attacker-generated ZIP file, their browser uploads and installs form definitions that create legitimate forms that could be designed with malicious content.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-18T20:24:57.832Z

Reserved: 2025-08-06T00:00:00.000Z

Link: CVE-2025-55040

Vulnrichment

Updated: 2026-03-18T20:22:36.516Z

NVD

Status : Analyzed

Published: 2026-03-18T16:16:23.170

Modified: 2026-03-20T18:12:50.813

Link: CVE-2025-55040

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:54:13Z

Weaknesses