CRITICAL🇵🇱 Wersja polska

CVE-2024-37843

CVSS 9.8v3.1pub. 2024-06-25upd. 2024-11-21

Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.

🤖 AI Analysis
How it works

An attacker sends a properly crafted GraphQL query to the public API endpoint, injecting malicious SQL code. Lack of proper validation and sanitization of input data allows execution of arbitrary SQL commands in the context of the application database. The attack does not require possession of an account or any permissions in the system.

Impact

An attacker can obtain unauthorized access to data stored in the database, modify or delete its contents, and under favorable configuration conditions - execute system commands on the server.

Mitigation & patch

Craft CMS should be updated to a version higher than 3.7.31. Patches available from the vendor should be applied according to references. As a temporary workaround, consider restricting access to the GraphQL API endpoint at the firewall or network layer.

Who is affected

Craft CMS in versions up to and including 3.7.31.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Craftcms Craft Cms

    APP
    Craftcms
    < 3.7.31
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2025-32432CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Krytyczny RCE w Craft CMS — zdalne wykonanie kodu bez uwierzytelnienia

CVE-2024-56145CRITICAL9.3⚠ KEVPL ✓ten sam produkt

RCE w Craft CMS przez nieprawidłową konfigurację register_argc_argv

CVE-2026-28697CRITICAL9.4PL ✓ten sam produkt

Craft CMS: RCE przez SSTI w polach szablonów Twig

CVE-2026-28783CRITICAL9.4PL ✓ten sam produkt

Craft CMS: obejście bloklisty PHP w silniku Twig umożliwia RCE

CVE-2023-41892CRITICAL10.0ten sam produkt

Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector....