CVE-2024-8165
MEDIUMChengdu Everbrite Network Technology BeikeShop <1.5.5 - Path Traversal
Title source: llmDescription
A vulnerability was identified in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This vulnerability affects the function exportZip of the file /admin/file_manager/export. Such manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit is publicly available and might be used. Upgrading to version 1.6.0 is able to resolve this issue. It is suggested to upgrade the affected component.
References (4)
Core 4
Core References
Third Party Advisory vdb-entry
technical-description
https://vuldb.com/?id.275763
Permissions Required signature
permissions-required
https://vuldb.com/?ctiid.275763
Third Party Advisory third-party-advisory
https://vuldb.com/?submit.393376
Broken Link exploit
https://github.com/DeepMountains/Mirage/blob/main/CVE18-1.md
Scores
CVSS v3
4.3
EPSS
0.0056
EPSS Percentile
42.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (1)
beikeshop/beikeshop
< 1.5.5
Published
Aug 26, 2024
Tracked Since
Feb 18, 2026