Craft CMS SQL Injection vulnerability
CVE-2024-37843

9.8CRITICAL

Key Information:

Vendor: Craftcms
Status: Craft Cms
Vendor: CVE Published:; 25 June 2024

Summary

Craft CMS, developed by Pixel & Tonic, has been identified with a security vulnerability that allows for SQL injection through its GraphQL API endpoint. This flaw can be exploited by unauthorized users, potentially leading to unauthorized access to sensitive data. Proper security measures and updates are necessary to safeguard against exploitation. It is crucial for users of affected versions to update their software to mitigate risks associated with this vulnerability.

References

https://blog.smithsecurity.biz/craft-cms-unauthenticated-...

EPSS Score

77% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 25, 2024
Vulnerability Reserved
Jun 10, 2024