Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-37843 — SQL Injection in Craft CMS

Severity

9.8CRITICALNVD

EPSS

89.4%

top 0.45%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Timeline

PublishedJun 25

Description

Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

▶Packagistcraftcms/cms3.7.31

OSV

Craft CMS SQL injection vulnerability via the GraphQL API endpoint↗2024-06-25

▶

CVEList

CVE-2024-37843: Craft CMS up to v3↗2024-06-25

▶

GHSA

Craft CMS SQL injection vulnerability via the GraphQL API endpoint↗2024-06-25

▶

Nuclei

Craft CMS <=v3.7.31 - SQL Injection

▶