Vulnerability in N/a

CVE-2024-37843

Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.

EPSS: 0.894 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

blog.smithsecurity.biz/craft-cms-unauthenticated-sqli-via-graphql

Frequently asked questions

What is CVE-2024-37843?: CVE-2024-37843 is a vulnerability in N/a. Published 2024-06-25.
Is CVE-2024-37843 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.