Hacking Apple - SQL Injection to Remote Code Execution
Summary
The article documents a pre-auth SQL injection vulnerability in Masa/Mura CMS that enables remote code execution via the JSON API, detailing sink-to-source tracing, exploitation steps, and PoC, as well as detection approaches using Nuclei templates and responsible disclosure to Apple and CMS teams.