2 matches found
CVE-2024-57189
In Erxes 1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler...
CVE-2024-57189
CVE-2024-57189 affects Erxes versions prior to 1.6.2. A Path Traversal flaw in the importHistoriesCreate GraphQL mutation handler allows an authenticated attacker to write to arbitrary files on the system. Root cause: insufficient input validation of file paths in the mutation handler. Impact is ...