VYPR

Erxes

by Erxes

npm: erxes

Source repositories

CVEs (3)

  • CVE-2024-57190CriJun 10, 2025
    risk 0.57cvss 9.8epss 0.01

    Erxes <1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a "User" HTTP header that contains any user, allowing them to talk to any GraphQL endpoint.

  • CVE-2024-57189MedJun 10, 2025
    risk 0.28cvss 5.4epss 0.00

    In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler.

  • CVE-2024-57186MedJun 10, 2025
    risk 0.28cvss 5.4epss 0.00

    In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler.