CVE-2024-57186
BaseFortify
Publication date: 2025-06-10
Last updated on: 2025-06-20
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| erxes | erxes | to 1.6.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2024-57186 is a path traversal vulnerability in Erxes versions prior to 1.6.2. It allows an unauthenticated attacker to read arbitrary files on the system by exploiting the /read-file endpoint. The vulnerability arises because user-supplied input is used unsafely to construct filesystem paths without proper sanitization, enabling attackers to use relative path sequences (like ../) to access sensitive files outside the intended directories. [2]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including unauthorized disclosure of sensitive files such as environment variables containing database credentials. Attackers can leak secrets, escalate privileges, and as part of a chain of vulnerabilities, potentially achieve remote code execution on the Erxes instance. This can lead to full administrative control, modification of critical service files, and execution of arbitrary code on the server. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to access the /read-file endpoint with path traversal payloads in the 'key' parameter, such as '../' sequences to read arbitrary files. For example, sending HTTP requests to the /read-file endpoint with crafted 'key' values to see if unauthorized files can be read. Network monitoring for unusual requests to /read-file with suspicious parameters can also help detect exploitation attempts. Specific commands could include using curl to test the endpoint, e.g.: curl -v 'http://<target>/read-file?key=../../../../etc/passwd' to check if the file is returned. Additionally, monitoring logs for such requests or unexpected file access patterns is recommended. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading Erxes to version 1.6.3 or later, which contains patches that sanitize file names and remove unsafe user headers to prevent authentication bypass and path traversal. Additionally, removing or blocking access to the /read-file endpoint for unauthenticated users, implementing input validation and sanitization on file path parameters, and monitoring for suspicious activity related to file access are recommended. Applying the official patch that sanitizes filenames on upload and read operations will prevent exploitation of this vulnerability. [1, 2]