Medium severity5.4NVD Advisory· Published Jun 10, 2025· Updated Jun 17, 2026
CVE-2024-57189
CVE-2024-57189
Description
In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
erxesnpm | < 1.6.2 | 1.6.2 |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/erxes/erxes/commit/d626070a0fcd435ae29e689aca051ccfb440c2f3nvdPatchWEB
- www.sonarsource.com/blog/micro-services-major-headaches-detecting-vulnerabilities-in-erxes-microservices/nvdExploitThird Party Advisory
- github.com/advisories/GHSA-2977-5php-6789ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-57189ghsaADVISORY
- www.sonarsource.com/blog/micro-services-major-headaches-detecting-vulnerabilities-in-erxes-microservicesghsaWEB
News mentions
0No linked articles in our index yet.