CVE-2024-37843 PoC — CraftCMS 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-37843.yaml

Associated Vulnerability

Title:CraftCMS 安全漏洞 (CVE-2024-37843)
Description:CraftCMS是CraftCMS公司的一个内容管理系统。 CraftCMS v3.7.31版本及之前版本存在安全漏洞。攻击者利用该漏洞通过 GraphQL API 端点执行 SQL 注入攻击。

Description

Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.

File Snapshot


 id: CVE-2024-37843

info:
  name: Craft CMS <=v3.7.31 - SQL Injection
  author: iamnoooob,rootxharsh

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!