Vulnerability Details CVE-2024-8165
A vulnerability was identified in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This vulnerability affects the function exportZip of the file /admin/file_manager/export. Such manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit is publicly available and might be used. Upgrading to version 1.6.0 is able to resolve this issue. It is suggested to upgrade the affected component.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.4%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
References
Products affected by CVE-2024-8165
-
cpe:2.3:a:beikeshop:beikeshop:-
-
cpe:2.3:a:beikeshop:beikeshop:1.0.0
-
cpe:2.3:a:beikeshop:beikeshop:1.0.1
-
cpe:2.3:a:beikeshop:beikeshop:1.0.2
-
cpe:2.3:a:beikeshop:beikeshop:1.0.3
-
cpe:2.3:a:beikeshop:beikeshop:1.1.0
-
cpe:2.3:a:beikeshop:beikeshop:1.1.1
-
cpe:2.3:a:beikeshop:beikeshop:1.1.2
-
cpe:2.3:a:beikeshop:beikeshop:1.2.0
-
cpe:2.3:a:beikeshop:beikeshop:1.2.5
-
cpe:2.3:a:beikeshop:beikeshop:1.2.8
-
cpe:2.3:a:beikeshop:beikeshop:1.3.0
-
cpe:2.3:a:beikeshop:beikeshop:1.3.2
-
cpe:2.3:a:beikeshop:beikeshop:1.3.4
-
cpe:2.3:a:beikeshop:beikeshop:1.3.5
-
cpe:2.3:a:beikeshop:beikeshop:1.3.6
-
cpe:2.3:a:beikeshop:beikeshop:1.3.7
-
cpe:2.3:a:beikeshop:beikeshop:1.3.8
-
cpe:2.3:a:beikeshop:beikeshop:1.4.0
-
cpe:2.3:a:beikeshop:beikeshop:1.4.1
-
cpe:2.3:a:beikeshop:beikeshop:1.4.2
-
cpe:2.3:a:beikeshop:beikeshop:1.4.3
-
cpe:2.3:a:beikeshop:beikeshop:1.5.0
-
cpe:2.3:a:beikeshop:beikeshop:1.5.4
-
cpe:2.3:a:beikeshop:beikeshop:1.5.4.3
-
cpe:2.3:a:beikeshop:beikeshop:1.5.5