CVE-2024-37843
CRITICAL NUCLEICraftcms Craft Cms < 3.7.31 - SQL Injection
Title source: ruleDescription
Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.
Exploits (1)
nomisec
WORKING POC
4 stars
by gsmith257-cyber · poc
https://github.com/gsmith257-cyber/CVE-2024-37843-POC
Nuclei Templates (1)
Craft CMS <=v3.7.31 - SQL Injection
CRITICALby iamnoooob,rootxharsh,pdresearch
Shodan:
cpe:"cpe:2.3:a:craftcms:craft_cms" || http.html:"craftcms" || http.favicon.hash:"-47932290" || X-Powered-By: Craft CMS
FOFA:
body=craftcms || icon_hash=-47932290
Scores
CVSS v3
9.8
EPSS
0.8943
EPSS Percentile
99.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (2)
craftcms/cms
0Packagist
craftcms/craft_cms
< 3.7.31
Published
Jun 25, 2024
Tracked Since
Feb 18, 2026