markhuot

1 exploit Active since Apr 2026
CVE-2026-31317 WRITEUP HIGH WRITEUP
CraftQL <=1.3.7 - Server-Side Request Forgery Code Execution
Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file
CVSS 7.5