CVE-2024-8164

A vulnerability, which was classified as critical, has been found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this issue is the function rename of the file /Admin/Http/Controllers/FileManagerController.php. The manipulation of the argument new_name leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
Link Resource
https://github.com/DeepMountains/zzz/blob/main/CVE4-2.md Exploit Third Party Advisory
https://vuldb.com/?ctiid.275762 Permissions Required
https://vuldb.com/?id.275762 Third Party Advisory
https://vuldb.com/?submit.393375 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:beikeshop:beikeshop:*:*:*:*:*:*:*:*

History

06 Sep 2024, 22:19

Type Values Removed Values Added
CPE cpe:2.3:a:beikeshop:beikeshop:*:*:*:*:*:*:*:*
First Time Beikeshop
Beikeshop beikeshop
CVSS v2 : 6.5
v3 : 6.3
v2 : 6.5
v3 : 8.8
Summary
  • (es) Una vulnerabilidad fue encontrada en Chengdu Everbrite Network Technology BeikeShop hasta 1.5.5 y clasificada como crítica. La función rename del archivo /Admin/Http/Controllers/FileManagerController.php es afectada por esta vulnerabilidad. La manipulación del argumento nuevo_nombre conduce a una carga sin restricciones. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.
References () https://github.com/DeepMountains/zzz/blob/main/CVE4-2.md - () https://github.com/DeepMountains/zzz/blob/main/CVE4-2.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.275762 - () https://vuldb.com/?ctiid.275762 - Permissions Required
References () https://vuldb.com/?id.275762 - () https://vuldb.com/?id.275762 - Third Party Advisory
References () https://vuldb.com/?submit.393375 - () https://vuldb.com/?submit.393375 - Third Party Advisory

26 Aug 2024, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-26 14:15

Updated : 2024-09-06 22:19


NVD link : CVE-2024-8164

Mitre link : CVE-2024-8164

CVE.ORG link : CVE-2024-8164


JSON object : View

Products Affected

beikeshop

  • beikeshop
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type