Search

Find a vulnerability

Search criteria

    10 vulnerabilities by Chengdu Everbrite Network Technology

    CVE-2026-11480 (GCVE-0-2026-11480)

    Vulnerability from nvd – Published: 2026-06-08 02:30 – Updated: 2026-06-08 16:32 X_Open Source
    VLAI
    Title
    Chengdu Everbrite Network Technology BeikeShop Admin Design Builder Endpoint admin.php sql injection
    Summary
    A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. Impacted is an unknown function of the file beike/Admin/Routes/admin.php of the component Admin Design Builder Endpoint. Performing a manipulation of the argument settings.value results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The patch is named 2fa9805411088069fcc3b0c15b2f1f33d6e09958. To fix this issue, it is recommended to deploy a patch.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Chengdu Everbrite Network Technology BeikeShop Affected: 1.6.0.0
    Affected: 1.6.0.1
    Affected: 1.6.0.2
    Affected: 1.6.0.3
    Affected: 1.6.0.4
    Affected: 1.6.0.5
    Affected: 1.6.0.6
    Affected: 1.6.0.7
    Affected: 1.6.0.8
    Affected: 1.6.0.9
    Affected: 1.6.0.10
    Affected: 1.6.0.11
    Affected: 1.6.0.12
    Affected: 1.6.0.13
    Affected: 1.6.0.14
    Affected: 1.6.0.15
    Affected: 1.6.0.16
    Affected: 1.6.0.17
    Affected: 1.6.0.18
    Affected: 1.6.0.19
    Affected: 1.6.0.20
    Affected: 1.6.0.21
    Affected: 1.6.0.22
        cpe:2.3:a:chengdu_everbrite_network_technology:beikeshop:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    6dAksIAdf4bjuJIv8MWq (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11480",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-08T13:00:45.863398Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-08T16:32:41.231Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:chengdu_everbrite_network_technology:beikeshop:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Admin Design Builder Endpoint"
              ],
              "product": "BeikeShop",
              "vendor": "Chengdu Everbrite Network Technology",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.3"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.4"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.5"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.6"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.7"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.8"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.9"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.10"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.11"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.12"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.13"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.14"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.15"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.16"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.17"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.18"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.19"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.20"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.21"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.22"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "6dAksIAdf4bjuJIv8MWq (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. Impacted is an unknown function of the file beike/Admin/Routes/admin.php of the component Admin Design Builder Endpoint. Performing a manipulation of the argument settings.value results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The patch is named 2fa9805411088069fcc3b0c15b2f1f33d6e09958. To fix this issue, it is recommended to deploy a patch."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-08T02:30:11.142Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-369100 | Chengdu Everbrite Network Technology BeikeShop Admin Design Builder Endpoint admin.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/369100"
            },
            {
              "name": "VDB-369100 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/369100/cti"
            },
            {
              "name": "CVE-2026-11480 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-11480"
            },
            {
              "name": "Submit #833973 | beikeshop 1.6.0.22 SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/833973"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://anonymous.4open.science/r/beikeshop-4B75/second-order-sqli-report.md"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/beikeshop/beikeshop/commit/2fa9805411088069fcc3b0c15b2f1f33d6e09958"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-07T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-07T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-07T11:58:18.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Chengdu Everbrite Network Technology BeikeShop Admin Design Builder Endpoint admin.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-11480",
        "datePublished": "2026-06-08T02:30:11.142Z",
        "dateReserved": "2026-06-07T09:53:15.168Z",
        "dateUpdated": "2026-06-08T16:32:41.231Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11462 (GCVE-0-2026-11462)

    Vulnerability from nvd – Published: 2026-06-07 22:00 – Updated: 2026-06-08 12:15 X_Open Source
    VLAI
    Title
    Chengdu Everbrite Network Technology BeikeShop Stripe Plugin StripeController.php callback improper authorization
    Summary
    A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This impacts the function callback of the file plugins/Stripe/Controllers/StripeController.php of the component Stripe Plugin. Performing a manipulation of the argument Request results in improper authorization. The attack can be initiated remotely. The exploit has been made public and could be used. The patch is named 6719e0fc690ea0a998452092862e0f0a17c65968. It is suggested to install a patch to address this issue.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-285 - Improper Authorization
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    Impacted products
    Vendor Product Version
    Chengdu Everbrite Network Technology BeikeShop Affected: 1.6.0.0
    Affected: 1.6.0.1
    Affected: 1.6.0.2
    Affected: 1.6.0.3
    Affected: 1.6.0.4
    Affected: 1.6.0.5
    Affected: 1.6.0.6
    Affected: 1.6.0.7
    Affected: 1.6.0.8
    Affected: 1.6.0.9
    Affected: 1.6.0.10
    Affected: 1.6.0.11
    Affected: 1.6.0.12
    Affected: 1.6.0.13
    Affected: 1.6.0.14
    Affected: 1.6.0.15
    Affected: 1.6.0.16
    Affected: 1.6.0.17
    Affected: 1.6.0.18
    Affected: 1.6.0.19
    Affected: 1.6.0.20
    Affected: 1.6.0.21
    Affected: 1.6.0.22
        cpe:2.3:a:chengdu_everbrite_network_technology:beikeshop:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Fklov (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11462",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-08T11:10:10.863921Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-08T12:15:15.350Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:chengdu_everbrite_network_technology:beikeshop:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Stripe Plugin"
              ],
              "product": "BeikeShop",
              "vendor": "Chengdu Everbrite Network Technology",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.3"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.4"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.5"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.6"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.7"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.8"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.9"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.10"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.11"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.12"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.13"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.14"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.15"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.16"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.17"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.18"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.19"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.20"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.21"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.22"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Fklov (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This impacts the function callback of the file plugins/Stripe/Controllers/StripeController.php of the component Stripe Plugin. Performing a manipulation of the argument Request results in improper authorization. The attack can be initiated remotely. The exploit has been made public and could be used. The patch is named 6719e0fc690ea0a998452092862e0f0a17c65968. It is suggested to install a patch to address this issue."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-07T22:00:13.496Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-369082 | Chengdu Everbrite Network Technology BeikeShop Stripe Plugin StripeController.php callback improper authorization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/369082"
            },
            {
              "name": "VDB-369082 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/369082/cti"
            },
            {
              "name": "CVE-2026-11462 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-11462"
            },
            {
              "name": "Submit #831466 | BeikeShop 1.6.0 Design/Logic Flaw",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/831466"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/nuiifornet/BeikeShop-Vulnerability/blob/main/README.md"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/beikeshop/beikeshop/commit/6719e0fc690ea0a998452092862e0f0a17c65968"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-07T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-07T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-07T09:37:27.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Chengdu Everbrite Network Technology BeikeShop Stripe Plugin StripeController.php callback improper authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-11462",
        "datePublished": "2026-06-07T22:00:13.496Z",
        "dateReserved": "2026-06-07T07:32:23.691Z",
        "dateUpdated": "2026-06-08T12:15:15.350Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8165 (GCVE-0-2024-8165)

    Vulnerability from nvd – Published: 2024-08-26 14:00 – Updated: 2025-11-24 06:20
    VLAI
    Title
    Chengdu Everbrite Network Technology BeikeShop export exportZip path traversal
    Summary
    A vulnerability was identified in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This vulnerability affects the function exportZip of the file /admin/file_manager/export. Such manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit is publicly available and might be used. Upgrading to version 1.6.0 is able to resolve this issue. It is suggested to upgrade the affected component.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.275763 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.275763 signaturepermissions-required
    https://vuldb.com/?submit.393376 third-party-advisory
    https://github.com/DeepMountains/Mirage/blob/main… exploit
    Impacted products
    Vendor Product Version
    Chengdu Everbrite Network Technology BeikeShop Affected: 1.5.0
    Affected: 1.5.1
    Affected: 1.5.2
    Affected: 1.5.3
    Affected: 1.5.4
    Affected: 1.5.5
    Unaffected: 1.6.0
    Create a notification for this product.
    Credits
    wanglun (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8165",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-26T16:15:18.702895Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-26T16:23:24.075Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BeikeShop",
              "vendor": "Chengdu Everbrite Network Technology",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.5.0"
                },
                {
                  "status": "affected",
                  "version": "1.5.1"
                },
                {
                  "status": "affected",
                  "version": "1.5.2"
                },
                {
                  "status": "affected",
                  "version": "1.5.3"
                },
                {
                  "status": "affected",
                  "version": "1.5.4"
                },
                {
                  "status": "affected",
                  "version": "1.5.5"
                },
                {
                  "status": "unaffected",
                  "version": "1.6.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wanglun (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This vulnerability affects the function exportZip of the file /admin/file_manager/export. Such manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit is publicly available and might be used. Upgrading to version 1.6.0 is able to resolve this issue. It is suggested to upgrade the affected component."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-24T06:20:52.268Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-275763 | Chengdu Everbrite Network Technology BeikeShop export exportZip path traversal",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.275763"
            },
            {
              "name": "VDB-275763 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.275763"
            },
            {
              "name": "Submit #393376 | Chengdu Guangda Network Technology BeikeShop \u003c=v1.5.5 Arbitrary File Download",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.393376"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/DeepMountains/Mirage/blob/main/CVE18-1.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-08-26T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-08-26T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-24T07:25:35.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Chengdu Everbrite Network Technology BeikeShop export exportZip path traversal"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-8165",
        "datePublished": "2024-08-26T14:00:06.012Z",
        "dateReserved": "2024-08-26T07:22:19.235Z",
        "dateUpdated": "2025-11-24T06:20:52.268Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8164 (GCVE-0-2024-8164)

    Vulnerability from nvd – Published: 2024-08-26 13:31 – Updated: 2025-11-24 06:20
    VLAI
    Title
    Chengdu Everbrite Network Technology BeikeShop FileManagerController.php rename unrestricted upload
    Summary
    A vulnerability was determined in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This affects the function rename of the file /Admin/Http/Controllers/FileManagerController.php. This manipulation of the argument new_name causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 1.6.0 is able to mitigate this issue. The affected component should be upgraded.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.275762 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.275762 signaturepermissions-required
    https://vuldb.com/?submit.393375 third-party-advisory
    https://github.com/DeepMountains/zzz/blob/main/CV… exploit
    Impacted products
    Vendor Product Version
    Chengdu Everbrite Network Technology BeikeShop Affected: 1.5.0
    Affected: 1.5.1
    Affected: 1.5.2
    Affected: 1.5.3
    Affected: 1.5.4
    Affected: 1.5.5
    Unaffected: 1.6.0
    Create a notification for this product.
    beikeshop chengdu_everbrite_network_technology Affected: 1.5.0 , ≤ 1.5.5 (custom)
        cpe:2.3:a:beikeshop:chengdu_everbrite_network_technology:1.5.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wanglun (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:beikeshop:chengdu_everbrite_network_technology:1.5.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "chengdu_everbrite_network_technology",
                "vendor": "beikeshop",
                "versions": [
                  {
                    "lessThanOrEqual": "1.5.5",
                    "status": "affected",
                    "version": "1.5.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8164",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-28T14:55:20.822034Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-28T14:56:52.291Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BeikeShop",
              "vendor": "Chengdu Everbrite Network Technology",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.5.0"
                },
                {
                  "status": "affected",
                  "version": "1.5.1"
                },
                {
                  "status": "affected",
                  "version": "1.5.2"
                },
                {
                  "status": "affected",
                  "version": "1.5.3"
                },
                {
                  "status": "affected",
                  "version": "1.5.4"
                },
                {
                  "status": "affected",
                  "version": "1.5.5"
                },
                {
                  "status": "unaffected",
                  "version": "1.6.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wanglun (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This affects the function rename of the file /Admin/Http/Controllers/FileManagerController.php. This manipulation of the argument new_name causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 1.6.0 is able to mitigate this issue. The affected component should be upgraded."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "Unrestricted Upload",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-24T06:20:49.733Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-275762 | Chengdu Everbrite Network Technology BeikeShop FileManagerController.php rename unrestricted upload",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.275762"
            },
            {
              "name": "VDB-275762 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.275762"
            },
            {
              "name": "Submit #393375 | Chengdu Guangda Network Technology BeikeShop \u003c=v1.5.5 FileUpload",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.393375"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/DeepMountains/zzz/blob/main/CVE4-2.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-08-26T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-08-26T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-24T07:25:31.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Chengdu Everbrite Network Technology BeikeShop FileManagerController.php rename unrestricted upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-8164",
        "datePublished": "2024-08-26T13:31:04.258Z",
        "dateReserved": "2024-08-26T07:22:16.655Z",
        "dateUpdated": "2025-11-24T06:20:49.733Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8163 (GCVE-0-2024-8163)

    Vulnerability from nvd – Published: 2024-08-26 13:00 – Updated: 2025-11-24 06:20
    VLAI
    Title
    Chengdu Everbrite Network Technology BeikeShop files destroyFiles path traversal
    Summary
    A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this issue is the function destroyFiles of the file /admin/file_manager/files. The manipulation of the argument files results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 1.6.0 can resolve this issue. You should upgrade the affected component.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.275761 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.275761 signaturepermissions-required
    https://vuldb.com/?submit.393374 third-party-advisory
    https://github.com/DeepMountains/zzz/blob/main/CV… exploit
    Impacted products
    Vendor Product Version
    Chengdu Everbrite Network Technology BeikeShop Affected: 1.5.0
    Affected: 1.5.1
    Affected: 1.5.2
    Affected: 1.5.3
    Affected: 1.5.4
    Affected: 1.5.5
    Unaffected: 1.6.0
    Create a notification for this product.
    chengdu_everbrite_network_technology beike_shop Affected: 1.5.0
    Affected: 1.5.1
    Affected: 1.5.2
    Affected: 1.5.3
    Affected: 1.5.4
    Affected: 1.5.5
        cpe:2.3:a:chengdu_everbrite_network_technology:beike_shop:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wanglun (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:chengdu_everbrite_network_technology:beike_shop:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "beike_shop",
                "vendor": "chengdu_everbrite_network_technology",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.5.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.1"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.2"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.3"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.4"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.5"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8163",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-26T14:59:27.343838Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-26T15:03:51.037Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BeikeShop",
              "vendor": "Chengdu Everbrite Network Technology",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.5.0"
                },
                {
                  "status": "affected",
                  "version": "1.5.1"
                },
                {
                  "status": "affected",
                  "version": "1.5.2"
                },
                {
                  "status": "affected",
                  "version": "1.5.3"
                },
                {
                  "status": "affected",
                  "version": "1.5.4"
                },
                {
                  "status": "affected",
                  "version": "1.5.5"
                },
                {
                  "status": "unaffected",
                  "version": "1.6.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wanglun (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this issue is the function destroyFiles of the file /admin/file_manager/files. The manipulation of the argument files results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 1.6.0 can resolve this issue. You should upgrade the affected component."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.5,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-24T06:20:40.634Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-275761 | Chengdu Everbrite Network Technology BeikeShop files destroyFiles path traversal",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.275761"
            },
            {
              "name": "VDB-275761 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.275761"
            },
            {
              "name": "Submit #393374 | Chengdu Guangda Network Technology BeikeShop \u003c=v1.5.5 Arbitrary File Deletion",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.393374"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/DeepMountains/zzz/blob/main/CVE4-1.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-08-26T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-08-26T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-24T07:25:26.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Chengdu Everbrite Network Technology BeikeShop files destroyFiles path traversal"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-8163",
        "datePublished": "2024-08-26T13:00:11.158Z",
        "dateReserved": "2024-08-26T07:22:14.393Z",
        "dateUpdated": "2025-11-24T06:20:40.634Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11480 (GCVE-0-2026-11480)

    Vulnerability from cvelistv5 – Published: 2026-06-08 02:30 – Updated: 2026-06-08 16:32 X_Open Source
    VLAI
    Title
    Chengdu Everbrite Network Technology BeikeShop Admin Design Builder Endpoint admin.php sql injection
    Summary
    A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. Impacted is an unknown function of the file beike/Admin/Routes/admin.php of the component Admin Design Builder Endpoint. Performing a manipulation of the argument settings.value results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The patch is named 2fa9805411088069fcc3b0c15b2f1f33d6e09958. To fix this issue, it is recommended to deploy a patch.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Chengdu Everbrite Network Technology BeikeShop Affected: 1.6.0.0
    Affected: 1.6.0.1
    Affected: 1.6.0.2
    Affected: 1.6.0.3
    Affected: 1.6.0.4
    Affected: 1.6.0.5
    Affected: 1.6.0.6
    Affected: 1.6.0.7
    Affected: 1.6.0.8
    Affected: 1.6.0.9
    Affected: 1.6.0.10
    Affected: 1.6.0.11
    Affected: 1.6.0.12
    Affected: 1.6.0.13
    Affected: 1.6.0.14
    Affected: 1.6.0.15
    Affected: 1.6.0.16
    Affected: 1.6.0.17
    Affected: 1.6.0.18
    Affected: 1.6.0.19
    Affected: 1.6.0.20
    Affected: 1.6.0.21
    Affected: 1.6.0.22
        cpe:2.3:a:chengdu_everbrite_network_technology:beikeshop:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    6dAksIAdf4bjuJIv8MWq (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11480",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-08T13:00:45.863398Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-08T16:32:41.231Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:chengdu_everbrite_network_technology:beikeshop:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Admin Design Builder Endpoint"
              ],
              "product": "BeikeShop",
              "vendor": "Chengdu Everbrite Network Technology",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.3"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.4"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.5"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.6"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.7"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.8"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.9"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.10"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.11"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.12"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.13"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.14"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.15"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.16"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.17"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.18"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.19"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.20"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.21"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.22"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "6dAksIAdf4bjuJIv8MWq (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. Impacted is an unknown function of the file beike/Admin/Routes/admin.php of the component Admin Design Builder Endpoint. Performing a manipulation of the argument settings.value results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The patch is named 2fa9805411088069fcc3b0c15b2f1f33d6e09958. To fix this issue, it is recommended to deploy a patch."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-08T02:30:11.142Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-369100 | Chengdu Everbrite Network Technology BeikeShop Admin Design Builder Endpoint admin.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/369100"
            },
            {
              "name": "VDB-369100 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/369100/cti"
            },
            {
              "name": "CVE-2026-11480 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-11480"
            },
            {
              "name": "Submit #833973 | beikeshop 1.6.0.22 SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/833973"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://anonymous.4open.science/r/beikeshop-4B75/second-order-sqli-report.md"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/beikeshop/beikeshop/commit/2fa9805411088069fcc3b0c15b2f1f33d6e09958"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-07T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-07T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-07T11:58:18.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Chengdu Everbrite Network Technology BeikeShop Admin Design Builder Endpoint admin.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-11480",
        "datePublished": "2026-06-08T02:30:11.142Z",
        "dateReserved": "2026-06-07T09:53:15.168Z",
        "dateUpdated": "2026-06-08T16:32:41.231Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11462 (GCVE-0-2026-11462)

    Vulnerability from cvelistv5 – Published: 2026-06-07 22:00 – Updated: 2026-06-08 12:15 X_Open Source
    VLAI
    Title
    Chengdu Everbrite Network Technology BeikeShop Stripe Plugin StripeController.php callback improper authorization
    Summary
    A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This impacts the function callback of the file plugins/Stripe/Controllers/StripeController.php of the component Stripe Plugin. Performing a manipulation of the argument Request results in improper authorization. The attack can be initiated remotely. The exploit has been made public and could be used. The patch is named 6719e0fc690ea0a998452092862e0f0a17c65968. It is suggested to install a patch to address this issue.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-285 - Improper Authorization
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    Impacted products
    Vendor Product Version
    Chengdu Everbrite Network Technology BeikeShop Affected: 1.6.0.0
    Affected: 1.6.0.1
    Affected: 1.6.0.2
    Affected: 1.6.0.3
    Affected: 1.6.0.4
    Affected: 1.6.0.5
    Affected: 1.6.0.6
    Affected: 1.6.0.7
    Affected: 1.6.0.8
    Affected: 1.6.0.9
    Affected: 1.6.0.10
    Affected: 1.6.0.11
    Affected: 1.6.0.12
    Affected: 1.6.0.13
    Affected: 1.6.0.14
    Affected: 1.6.0.15
    Affected: 1.6.0.16
    Affected: 1.6.0.17
    Affected: 1.6.0.18
    Affected: 1.6.0.19
    Affected: 1.6.0.20
    Affected: 1.6.0.21
    Affected: 1.6.0.22
        cpe:2.3:a:chengdu_everbrite_network_technology:beikeshop:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Fklov (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11462",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-08T11:10:10.863921Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-08T12:15:15.350Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:chengdu_everbrite_network_technology:beikeshop:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Stripe Plugin"
              ],
              "product": "BeikeShop",
              "vendor": "Chengdu Everbrite Network Technology",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.6.0.0"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.1"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.2"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.3"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.4"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.5"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.6"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.7"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.8"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.9"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.10"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.11"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.12"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.13"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.14"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.15"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.16"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.17"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.18"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.19"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.20"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.21"
                },
                {
                  "status": "affected",
                  "version": "1.6.0.22"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Fklov (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This impacts the function callback of the file plugins/Stripe/Controllers/StripeController.php of the component Stripe Plugin. Performing a manipulation of the argument Request results in improper authorization. The attack can be initiated remotely. The exploit has been made public and could be used. The patch is named 6719e0fc690ea0a998452092862e0f0a17c65968. It is suggested to install a patch to address this issue."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-07T22:00:13.496Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-369082 | Chengdu Everbrite Network Technology BeikeShop Stripe Plugin StripeController.php callback improper authorization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/369082"
            },
            {
              "name": "VDB-369082 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/369082/cti"
            },
            {
              "name": "CVE-2026-11462 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-11462"
            },
            {
              "name": "Submit #831466 | BeikeShop 1.6.0 Design/Logic Flaw",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/831466"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/nuiifornet/BeikeShop-Vulnerability/blob/main/README.md"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/beikeshop/beikeshop/commit/6719e0fc690ea0a998452092862e0f0a17c65968"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-07T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-07T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-07T09:37:27.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Chengdu Everbrite Network Technology BeikeShop Stripe Plugin StripeController.php callback improper authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-11462",
        "datePublished": "2026-06-07T22:00:13.496Z",
        "dateReserved": "2026-06-07T07:32:23.691Z",
        "dateUpdated": "2026-06-08T12:15:15.350Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8165 (GCVE-0-2024-8165)

    Vulnerability from cvelistv5 – Published: 2024-08-26 14:00 – Updated: 2025-11-24 06:20
    VLAI
    Title
    Chengdu Everbrite Network Technology BeikeShop export exportZip path traversal
    Summary
    A vulnerability was identified in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This vulnerability affects the function exportZip of the file /admin/file_manager/export. Such manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit is publicly available and might be used. Upgrading to version 1.6.0 is able to resolve this issue. It is suggested to upgrade the affected component.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.275763 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.275763 signaturepermissions-required
    https://vuldb.com/?submit.393376 third-party-advisory
    https://github.com/DeepMountains/Mirage/blob/main… exploit
    Impacted products
    Vendor Product Version
    Chengdu Everbrite Network Technology BeikeShop Affected: 1.5.0
    Affected: 1.5.1
    Affected: 1.5.2
    Affected: 1.5.3
    Affected: 1.5.4
    Affected: 1.5.5
    Unaffected: 1.6.0
    Create a notification for this product.
    Credits
    wanglun (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8165",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-26T16:15:18.702895Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-26T16:23:24.075Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BeikeShop",
              "vendor": "Chengdu Everbrite Network Technology",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.5.0"
                },
                {
                  "status": "affected",
                  "version": "1.5.1"
                },
                {
                  "status": "affected",
                  "version": "1.5.2"
                },
                {
                  "status": "affected",
                  "version": "1.5.3"
                },
                {
                  "status": "affected",
                  "version": "1.5.4"
                },
                {
                  "status": "affected",
                  "version": "1.5.5"
                },
                {
                  "status": "unaffected",
                  "version": "1.6.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wanglun (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This vulnerability affects the function exportZip of the file /admin/file_manager/export. Such manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit is publicly available and might be used. Upgrading to version 1.6.0 is able to resolve this issue. It is suggested to upgrade the affected component."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-24T06:20:52.268Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-275763 | Chengdu Everbrite Network Technology BeikeShop export exportZip path traversal",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.275763"
            },
            {
              "name": "VDB-275763 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.275763"
            },
            {
              "name": "Submit #393376 | Chengdu Guangda Network Technology BeikeShop \u003c=v1.5.5 Arbitrary File Download",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.393376"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/DeepMountains/Mirage/blob/main/CVE18-1.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-08-26T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-08-26T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-24T07:25:35.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Chengdu Everbrite Network Technology BeikeShop export exportZip path traversal"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-8165",
        "datePublished": "2024-08-26T14:00:06.012Z",
        "dateReserved": "2024-08-26T07:22:19.235Z",
        "dateUpdated": "2025-11-24T06:20:52.268Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8164 (GCVE-0-2024-8164)

    Vulnerability from cvelistv5 – Published: 2024-08-26 13:31 – Updated: 2025-11-24 06:20
    VLAI
    Title
    Chengdu Everbrite Network Technology BeikeShop FileManagerController.php rename unrestricted upload
    Summary
    A vulnerability was determined in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This affects the function rename of the file /Admin/Http/Controllers/FileManagerController.php. This manipulation of the argument new_name causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 1.6.0 is able to mitigate this issue. The affected component should be upgraded.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.275762 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.275762 signaturepermissions-required
    https://vuldb.com/?submit.393375 third-party-advisory
    https://github.com/DeepMountains/zzz/blob/main/CV… exploit
    Impacted products
    Vendor Product Version
    Chengdu Everbrite Network Technology BeikeShop Affected: 1.5.0
    Affected: 1.5.1
    Affected: 1.5.2
    Affected: 1.5.3
    Affected: 1.5.4
    Affected: 1.5.5
    Unaffected: 1.6.0
    Create a notification for this product.
    beikeshop chengdu_everbrite_network_technology Affected: 1.5.0 , ≤ 1.5.5 (custom)
        cpe:2.3:a:beikeshop:chengdu_everbrite_network_technology:1.5.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wanglun (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:beikeshop:chengdu_everbrite_network_technology:1.5.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "chengdu_everbrite_network_technology",
                "vendor": "beikeshop",
                "versions": [
                  {
                    "lessThanOrEqual": "1.5.5",
                    "status": "affected",
                    "version": "1.5.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8164",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-28T14:55:20.822034Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-28T14:56:52.291Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BeikeShop",
              "vendor": "Chengdu Everbrite Network Technology",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.5.0"
                },
                {
                  "status": "affected",
                  "version": "1.5.1"
                },
                {
                  "status": "affected",
                  "version": "1.5.2"
                },
                {
                  "status": "affected",
                  "version": "1.5.3"
                },
                {
                  "status": "affected",
                  "version": "1.5.4"
                },
                {
                  "status": "affected",
                  "version": "1.5.5"
                },
                {
                  "status": "unaffected",
                  "version": "1.6.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wanglun (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This affects the function rename of the file /Admin/Http/Controllers/FileManagerController.php. This manipulation of the argument new_name causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 1.6.0 is able to mitigate this issue. The affected component should be upgraded."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "Unrestricted Upload",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-24T06:20:49.733Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-275762 | Chengdu Everbrite Network Technology BeikeShop FileManagerController.php rename unrestricted upload",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.275762"
            },
            {
              "name": "VDB-275762 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.275762"
            },
            {
              "name": "Submit #393375 | Chengdu Guangda Network Technology BeikeShop \u003c=v1.5.5 FileUpload",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.393375"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/DeepMountains/zzz/blob/main/CVE4-2.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-08-26T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-08-26T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-24T07:25:31.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Chengdu Everbrite Network Technology BeikeShop FileManagerController.php rename unrestricted upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-8164",
        "datePublished": "2024-08-26T13:31:04.258Z",
        "dateReserved": "2024-08-26T07:22:16.655Z",
        "dateUpdated": "2025-11-24T06:20:49.733Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8163 (GCVE-0-2024-8163)

    Vulnerability from cvelistv5 – Published: 2024-08-26 13:00 – Updated: 2025-11-24 06:20
    VLAI
    Title
    Chengdu Everbrite Network Technology BeikeShop files destroyFiles path traversal
    Summary
    A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this issue is the function destroyFiles of the file /admin/file_manager/files. The manipulation of the argument files results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 1.6.0 can resolve this issue. You should upgrade the affected component.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.275761 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.275761 signaturepermissions-required
    https://vuldb.com/?submit.393374 third-party-advisory
    https://github.com/DeepMountains/zzz/blob/main/CV… exploit
    Impacted products
    Vendor Product Version
    Chengdu Everbrite Network Technology BeikeShop Affected: 1.5.0
    Affected: 1.5.1
    Affected: 1.5.2
    Affected: 1.5.3
    Affected: 1.5.4
    Affected: 1.5.5
    Unaffected: 1.6.0
    Create a notification for this product.
    chengdu_everbrite_network_technology beike_shop Affected: 1.5.0
    Affected: 1.5.1
    Affected: 1.5.2
    Affected: 1.5.3
    Affected: 1.5.4
    Affected: 1.5.5
        cpe:2.3:a:chengdu_everbrite_network_technology:beike_shop:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wanglun (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:chengdu_everbrite_network_technology:beike_shop:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "beike_shop",
                "vendor": "chengdu_everbrite_network_technology",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.5.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.1"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.2"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.3"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.4"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.5"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8163",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-26T14:59:27.343838Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-26T15:03:51.037Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BeikeShop",
              "vendor": "Chengdu Everbrite Network Technology",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.5.0"
                },
                {
                  "status": "affected",
                  "version": "1.5.1"
                },
                {
                  "status": "affected",
                  "version": "1.5.2"
                },
                {
                  "status": "affected",
                  "version": "1.5.3"
                },
                {
                  "status": "affected",
                  "version": "1.5.4"
                },
                {
                  "status": "affected",
                  "version": "1.5.5"
                },
                {
                  "status": "unaffected",
                  "version": "1.6.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wanglun (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this issue is the function destroyFiles of the file /admin/file_manager/files. The manipulation of the argument files results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 1.6.0 can resolve this issue. You should upgrade the affected component."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.5,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-24T06:20:40.634Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-275761 | Chengdu Everbrite Network Technology BeikeShop files destroyFiles path traversal",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.275761"
            },
            {
              "name": "VDB-275761 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.275761"
            },
            {
              "name": "Submit #393374 | Chengdu Guangda Network Technology BeikeShop \u003c=v1.5.5 Arbitrary File Deletion",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.393374"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/DeepMountains/zzz/blob/main/CVE4-1.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-08-26T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-08-26T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-24T07:25:26.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Chengdu Everbrite Network Technology BeikeShop files destroyFiles path traversal"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-8163",
        "datePublished": "2024-08-26T13:00:11.158Z",
        "dateReserved": "2024-08-26T07:22:14.393Z",
        "dateUpdated": "2025-11-24T06:20:40.634Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }