CVE-2024-8163

A vulnerability classified as critical was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this vulnerability is the function destroyFiles of the file /admin/file_manager/files. The manipulation of the argument files leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
Link Resource
https://github.com/DeepMountains/zzz/blob/main/CVE4-1.md Exploit Third Party Advisory
https://vuldb.com/?ctiid.275761 Permissions Required
https://vuldb.com/?id.275761 Third Party Advisory
https://vuldb.com/?submit.393374 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:beikeshop:beikeshop:*:*:*:*:*:*:*:*

History

06 Sep 2024, 22:18

Type Values Removed Values Added
References () https://github.com/DeepMountains/zzz/blob/main/CVE4-1.md - () https://github.com/DeepMountains/zzz/blob/main/CVE4-1.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.275761 - () https://vuldb.com/?ctiid.275761 - Permissions Required
References () https://vuldb.com/?id.275761 - () https://vuldb.com/?id.275761 - Third Party Advisory
References () https://vuldb.com/?submit.393374 - () https://vuldb.com/?submit.393374 - Third Party Advisory
CPE cpe:2.3:a:beikeshop:beikeshop:*:*:*:*:*:*:*:*
First Time Beikeshop
Beikeshop beikeshop
CVSS v2 : 5.5
v3 : 5.4
v2 : 5.5
v3 : 8.1
Summary
  • (es) Una vulnerabilidad fue encontrada en Chengdu Everbrite Network Technology BeikeShop hasta 1.5.5 y clasificada como crítica. La función destroyFiles del archivo /admin/file_manager/files es afectada por esta vulnerabilidad. La manipulación de los archivos de argumentos conduce a un path traversal. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.

26 Aug 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-26 13:15

Updated : 2024-09-06 22:18


NVD link : CVE-2024-8163

Mitre link : CVE-2024-8163

CVE.ORG link : CVE-2024-8163


JSON object : View

Products Affected

beikeshop

  • beikeshop
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')