Описание
Erxes Path Traversal vulnerability
In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler.
Пакеты
Наименование
erxes
npm
Затронутые версииВерсия исправления
< 1.6.2
1.6.2
Связанные уязвимости
CVSS3: 5.4
nvd
8 месяцев назад
In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler.