CVE-2024-8164

Summary

A vulnerability was determined in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This affects the function rename of the file /Admin/Http/Controllers/FileManagerController.php. This manipulation of the argument new_name causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 1.6.0 is able to mitigate this issue. The affected component should be upgraded.

Affected Software

VendorProductVersion RangeStatus
Chengdu Everbrite Network TechnologyBeikeShop1.5.0affected
Chengdu Everbrite Network TechnologyBeikeShop1.5.1affected
Chengdu Everbrite Network TechnologyBeikeShop1.5.2affected
Chengdu Everbrite Network TechnologyBeikeShop1.5.3affected
Chengdu Everbrite Network TechnologyBeikeShop1.5.4affected
Chengdu Everbrite Network TechnologyBeikeShop1.5.5affected
Chengdu Everbrite Network TechnologyBeikeShop1.6.0unaffected

Weaknesses

  • CWE-434: Unrestricted Upload
  • CWE-284: Improper Access Controls

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References