CVE-2024-8163 | Chengdu Everbrite Network Technology BeikeShop up to 1.5.5 files destroyFiles path traversal

Inserito da Angelo Barbosa | Ago 26, 2024 | CVE

A vulnerability classified as critical was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this vulnerability is the function destroyFiles of the file /admin/file_manager/files. The manipulation of the argument files leads to path traversal.

This vulnerability is known as CVE-2024-8163. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-8163 | Chengdu Everbrite Network Technology BeikeShop up to 1.5.5 files destroyFiles path traversal

Post correlati

CVE-2024-24550 | Bludit 3.14.0 File API command injection

CVE-2024-37382 | Ab Initio Metadata Hub and Authorization Gateway up to 4.3.1.0 Server Configuration improper authorization

CVE-2024-4255 | Ruijie RG-UAC up to 20240419 gre_edit_commit.php name os command injection

CVE-2023-48698 | azure-rtos usbx up to 6.2.1 unusual condition (GHSA-grhp-f66q-x857)