Dulguun Otgon

1 exploit Active since Jun 2025
CVE-2024-57190 WRITEUP CRITICAL
erxes < 1.6.1 - Unauthenticated Authentication Bypass via User HTTP Header
Erxes <1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a "User" HTTP header that contains any user, allowing them to talk to any GraphQL endpoint.
CVSS 9.8