cve/CVE-2024-37843.md at d6bcaa53f24d3df2dbf6336b03d1d66a29e9f0f3 - cve - 临风笛

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-11-30 18:56:19 +00:00

0xMarcio d6bcaa53f2 Update CVE sources 2024-07-25 21:25

2024-07-25 21:25:12 +00:00

614 B

Raw Blame History

CVE-2024-37843

Description

Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.

POC

Reference

https://blog.smithsecurity.biz/craft-cms-unauthenticated-sqli-via-graphql

Github

https://github.com/nomi-sec/PoC-in-GitHub