A vulnerability, which was classified as problematic, was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This affects the function exportZip of the file /admin/file_manager/export. The manipulation of the argument path leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
History

Fri, 06 Sep 2024 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Beikeshop
Beikeshop beikeshop
CPEs cpe:2.3:a:beikeshop:beikeshop:*:*:*:*:*:*:*:*
Vendors & Products Beikeshop
Beikeshop beikeshop

Mon, 26 Aug 2024 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 26 Aug 2024 14:15:00 +0000

Type Values Removed Values Added
Description A vulnerability, which was classified as problematic, was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This affects the function exportZip of the file /admin/file_manager/export. The manipulation of the argument path leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Title Chengdu Everbrite Network Technology BeikeShop export exportZip path traversal
Weaknesses CWE-22
References
Metrics cvssV2_0

{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:P/I:N/A:N'}

cvssV3_0

{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-08-26T14:00:06.012Z

Updated: 2024-08-26T16:23:24.075Z

Reserved: 2024-08-26T07:22:19.235Z

Link: CVE-2024-8165

cve-icon Vulnrichment

Updated: 2024-08-26T16:23:18.436Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-26T14:15:08.337

Modified: 2024-09-06T22:20:41.553

Link: CVE-2024-8165

cve-icon Redhat

No data.