CVE-2024-8165

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-8165
A vulnerability was identified in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This vulnerability affects the function exportZip of the file /admin/file_manager/export. Such manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit is publicly available and might be used. Upgrading to version 1.6.0 is able to resolve this issue. It is suggested to upgrade the affected component.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
https://github.com/DeepMountains/Mirage/blob/main/CVE18-1.md Broken Link
https://vuldb.com/?ctiid.275763 Permissions Required
https://vuldb.com/?id.275763 Third Party Advisory
https://vuldb.com/?submit.393376 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:beikeshop:beikeshop:*:*:*:*:*:*:*:*
History

24 Nov 2025, 07:16

Type Values Removed Values Added
Summary (en) A vulnerability, which was classified as problematic, was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This affects the function exportZip of the file /admin/file_manager/export. The manipulation of the argument path leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. (en) A vulnerability was identified in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This vulnerability affects the function exportZip of the file /admin/file_manager/export. Such manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit is publicly available and might be used. Upgrading to version 1.6.0 is able to resolve this issue. It is suggested to upgrade the affected component.
CVSS v2 : 4.0
v3 : 6.5 		v2 : 4.0
v3 : 4.3

06 Sep 2024, 22:20

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad fue encontrada en Chengdu Everbrite Network Technology BeikeShop hasta 1.5.5 y clasificada como problemática. Esto afecta a la función exportZip del archivo /admin/file_manager/export. La manipulación del camino del argumento conduce al path traversal. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.
First Time Beikeshop
Beikeshop beikeshop
References () https://github.com/DeepMountains/Mirage/blob/main/CVE18-1.md - () https://github.com/DeepMountains/Mirage/blob/main/CVE18-1.md - Broken Link
References () https://vuldb.com/?ctiid.275763 - () https://vuldb.com/?ctiid.275763 - Permissions Required
References () https://vuldb.com/?id.275763 - () https://vuldb.com/?id.275763 - Third Party Advisory
References () https://vuldb.com/?submit.393376 - () https://vuldb.com/?submit.393376 - Third Party Advisory
CPE cpe:2.3:a:beikeshop:beikeshop:*:*:*:*:*:*:*:*
CVSS v2 : 4.0
v3 : 4.3 		v2 : 4.0
v3 : 6.5

26 Aug 2024, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-26 14:15

Updated : 2025-11-24 07:16

NVD link : CVE-2024-8165

Mitre link : CVE-2024-8165

CVE.ORG link : CVE-2024-8165

JSON object : View

Products Affected

beikeshop

  • beikeshop
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')