Medium severity5.4NVD Advisory· Published Jun 10, 2025· Updated Jun 17, 2026
CVE-2024-57186
CVE-2024-57186
Description
In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
erxesnpm | < 1.6.2 | 1.6.2 |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/erxes/erxes/commit/d626070a0fcd435ae29e689aca051ccfb440c2f3nvdPatchWEB
- www.sonarsource.com/blog/micro-services-major-headaches-detecting-vulnerabilities-in-erxes-microservices/nvdExploitThird Party Advisory
- github.com/advisories/GHSA-rq9r-qvwg-829qghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-57186ghsaADVISORY
- www.sonarsource.com/blog/micro-services-major-headaches-detecting-vulnerabilities-in-erxes-microservicesghsaWEB
News mentions
0No linked articles in our index yet.