
Exploit for Craft CMS <=v3.7.31 - SQL Injection (CVE-2024-37843)

Description:

Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.

Proof of Concept

PoC exploit

Nuclei Template

View the template here: CVE-2024-37843.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-37843.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-37843
https://blog.smithsecurity.biz/craft-cms-unauthenticated-sqli-via-graphql
https://github.com/gsmith257-cyber/CVE-2024-37843-POC