gerelsukh

2 exploits Active since Jun 2025
CVE-2024-57186 WRITEUP MEDIUM WRITEUP
erxes < 1.6.2 - Unauthenticated Path Traversal via /read-file Endpoint
In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler.
CVSS 5.4
CVE-2024-57189 WRITEUP MEDIUM WRITEUP
erxes < 1.6.2 - Authenticated Path Traversal and Arbitrary File Write via importHistoriesCreate GraphQL Mutation
In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler.
CVSS 5.4