cve/CVE-2024-37843.md at a8969e132322a214e7b78da5711159d6f891f0ab - cve - 临风笛

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-06-19 17:30:12 +00:00

0xMarcio 3e58935392 Update CVE sources 2024-08-10 19:04

2024-08-10 19:04:30 +00:00

670 B

Raw Blame History

CVE-2024-37843

Description

Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.

POC

Reference

https://blog.smithsecurity.biz/craft-cms-unauthenticated-sqli-via-graphql

Github