Search

Find a vulnerability

Search criteria

    6 vulnerabilities by beikeshop

    CVE-2024-8165 (GCVE-0-2024-8165)

    Vulnerability from nvd – Published: 2024-08-26 14:00 – Updated: 2025-11-24 06:20
    VLAI
    Title
    Chengdu Everbrite Network Technology BeikeShop export exportZip path traversal
    Summary
    A vulnerability was identified in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This vulnerability affects the function exportZip of the file /admin/file_manager/export. Such manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit is publicly available and might be used. Upgrading to version 1.6.0 is able to resolve this issue. It is suggested to upgrade the affected component.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.275763 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.275763 signaturepermissions-required
    https://vuldb.com/?submit.393376 third-party-advisory
    https://github.com/DeepMountains/Mirage/blob/main… exploit
    Impacted products
    Vendor Product Version
    Chengdu Everbrite Network Technology BeikeShop Affected: 1.5.0
    Affected: 1.5.1
    Affected: 1.5.2
    Affected: 1.5.3
    Affected: 1.5.4
    Affected: 1.5.5
    Unaffected: 1.6.0
    Create a notification for this product.
    Credits
    wanglun (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8165",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-26T16:15:18.702895Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-26T16:23:24.075Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BeikeShop",
              "vendor": "Chengdu Everbrite Network Technology",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.5.0"
                },
                {
                  "status": "affected",
                  "version": "1.5.1"
                },
                {
                  "status": "affected",
                  "version": "1.5.2"
                },
                {
                  "status": "affected",
                  "version": "1.5.3"
                },
                {
                  "status": "affected",
                  "version": "1.5.4"
                },
                {
                  "status": "affected",
                  "version": "1.5.5"
                },
                {
                  "status": "unaffected",
                  "version": "1.6.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wanglun (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This vulnerability affects the function exportZip of the file /admin/file_manager/export. Such manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit is publicly available and might be used. Upgrading to version 1.6.0 is able to resolve this issue. It is suggested to upgrade the affected component."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-24T06:20:52.268Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-275763 | Chengdu Everbrite Network Technology BeikeShop export exportZip path traversal",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.275763"
            },
            {
              "name": "VDB-275763 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.275763"
            },
            {
              "name": "Submit #393376 | Chengdu Guangda Network Technology BeikeShop \u003c=v1.5.5 Arbitrary File Download",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.393376"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/DeepMountains/Mirage/blob/main/CVE18-1.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-08-26T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-08-26T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-24T07:25:35.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Chengdu Everbrite Network Technology BeikeShop export exportZip path traversal"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-8165",
        "datePublished": "2024-08-26T14:00:06.012Z",
        "dateReserved": "2024-08-26T07:22:19.235Z",
        "dateUpdated": "2025-11-24T06:20:52.268Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8164 (GCVE-0-2024-8164)

    Vulnerability from nvd – Published: 2024-08-26 13:31 – Updated: 2025-11-24 06:20
    VLAI
    Title
    Chengdu Everbrite Network Technology BeikeShop FileManagerController.php rename unrestricted upload
    Summary
    A vulnerability was determined in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This affects the function rename of the file /Admin/Http/Controllers/FileManagerController.php. This manipulation of the argument new_name causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 1.6.0 is able to mitigate this issue. The affected component should be upgraded.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.275762 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.275762 signaturepermissions-required
    https://vuldb.com/?submit.393375 third-party-advisory
    https://github.com/DeepMountains/zzz/blob/main/CV… exploit
    Impacted products
    Vendor Product Version
    Chengdu Everbrite Network Technology BeikeShop Affected: 1.5.0
    Affected: 1.5.1
    Affected: 1.5.2
    Affected: 1.5.3
    Affected: 1.5.4
    Affected: 1.5.5
    Unaffected: 1.6.0
    Create a notification for this product.
    beikeshop chengdu_everbrite_network_technology Affected: 1.5.0 , ≤ 1.5.5 (custom)
        cpe:2.3:a:beikeshop:chengdu_everbrite_network_technology:1.5.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wanglun (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:beikeshop:chengdu_everbrite_network_technology:1.5.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "chengdu_everbrite_network_technology",
                "vendor": "beikeshop",
                "versions": [
                  {
                    "lessThanOrEqual": "1.5.5",
                    "status": "affected",
                    "version": "1.5.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8164",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-28T14:55:20.822034Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-28T14:56:52.291Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BeikeShop",
              "vendor": "Chengdu Everbrite Network Technology",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.5.0"
                },
                {
                  "status": "affected",
                  "version": "1.5.1"
                },
                {
                  "status": "affected",
                  "version": "1.5.2"
                },
                {
                  "status": "affected",
                  "version": "1.5.3"
                },
                {
                  "status": "affected",
                  "version": "1.5.4"
                },
                {
                  "status": "affected",
                  "version": "1.5.5"
                },
                {
                  "status": "unaffected",
                  "version": "1.6.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wanglun (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This affects the function rename of the file /Admin/Http/Controllers/FileManagerController.php. This manipulation of the argument new_name causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 1.6.0 is able to mitigate this issue. The affected component should be upgraded."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "Unrestricted Upload",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-24T06:20:49.733Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-275762 | Chengdu Everbrite Network Technology BeikeShop FileManagerController.php rename unrestricted upload",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.275762"
            },
            {
              "name": "VDB-275762 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.275762"
            },
            {
              "name": "Submit #393375 | Chengdu Guangda Network Technology BeikeShop \u003c=v1.5.5 FileUpload",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.393375"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/DeepMountains/zzz/blob/main/CVE4-2.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-08-26T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-08-26T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-24T07:25:31.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Chengdu Everbrite Network Technology BeikeShop FileManagerController.php rename unrestricted upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-8164",
        "datePublished": "2024-08-26T13:31:04.258Z",
        "dateReserved": "2024-08-26T07:22:16.655Z",
        "dateUpdated": "2025-11-24T06:20:49.733Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8163 (GCVE-0-2024-8163)

    Vulnerability from nvd – Published: 2024-08-26 13:00 – Updated: 2025-11-24 06:20
    VLAI
    Title
    Chengdu Everbrite Network Technology BeikeShop files destroyFiles path traversal
    Summary
    A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this issue is the function destroyFiles of the file /admin/file_manager/files. The manipulation of the argument files results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 1.6.0 can resolve this issue. You should upgrade the affected component.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.275761 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.275761 signaturepermissions-required
    https://vuldb.com/?submit.393374 third-party-advisory
    https://github.com/DeepMountains/zzz/blob/main/CV… exploit
    Impacted products
    Vendor Product Version
    Chengdu Everbrite Network Technology BeikeShop Affected: 1.5.0
    Affected: 1.5.1
    Affected: 1.5.2
    Affected: 1.5.3
    Affected: 1.5.4
    Affected: 1.5.5
    Unaffected: 1.6.0
    Create a notification for this product.
    chengdu_everbrite_network_technology beike_shop Affected: 1.5.0
    Affected: 1.5.1
    Affected: 1.5.2
    Affected: 1.5.3
    Affected: 1.5.4
    Affected: 1.5.5
        cpe:2.3:a:chengdu_everbrite_network_technology:beike_shop:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wanglun (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:chengdu_everbrite_network_technology:beike_shop:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "beike_shop",
                "vendor": "chengdu_everbrite_network_technology",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.5.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.1"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.2"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.3"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.4"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.5"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8163",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-26T14:59:27.343838Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-26T15:03:51.037Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BeikeShop",
              "vendor": "Chengdu Everbrite Network Technology",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.5.0"
                },
                {
                  "status": "affected",
                  "version": "1.5.1"
                },
                {
                  "status": "affected",
                  "version": "1.5.2"
                },
                {
                  "status": "affected",
                  "version": "1.5.3"
                },
                {
                  "status": "affected",
                  "version": "1.5.4"
                },
                {
                  "status": "affected",
                  "version": "1.5.5"
                },
                {
                  "status": "unaffected",
                  "version": "1.6.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wanglun (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this issue is the function destroyFiles of the file /admin/file_manager/files. The manipulation of the argument files results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 1.6.0 can resolve this issue. You should upgrade the affected component."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.5,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-24T06:20:40.634Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-275761 | Chengdu Everbrite Network Technology BeikeShop files destroyFiles path traversal",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.275761"
            },
            {
              "name": "VDB-275761 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.275761"
            },
            {
              "name": "Submit #393374 | Chengdu Guangda Network Technology BeikeShop \u003c=v1.5.5 Arbitrary File Deletion",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.393374"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/DeepMountains/zzz/blob/main/CVE4-1.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-08-26T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-08-26T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-24T07:25:26.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Chengdu Everbrite Network Technology BeikeShop files destroyFiles path traversal"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-8163",
        "datePublished": "2024-08-26T13:00:11.158Z",
        "dateReserved": "2024-08-26T07:22:14.393Z",
        "dateUpdated": "2025-11-24T06:20:40.634Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8165 (GCVE-0-2024-8165)

    Vulnerability from cvelistv5 – Published: 2024-08-26 14:00 – Updated: 2025-11-24 06:20
    VLAI
    Title
    Chengdu Everbrite Network Technology BeikeShop export exportZip path traversal
    Summary
    A vulnerability was identified in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This vulnerability affects the function exportZip of the file /admin/file_manager/export. Such manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit is publicly available and might be used. Upgrading to version 1.6.0 is able to resolve this issue. It is suggested to upgrade the affected component.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.275763 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.275763 signaturepermissions-required
    https://vuldb.com/?submit.393376 third-party-advisory
    https://github.com/DeepMountains/Mirage/blob/main… exploit
    Impacted products
    Vendor Product Version
    Chengdu Everbrite Network Technology BeikeShop Affected: 1.5.0
    Affected: 1.5.1
    Affected: 1.5.2
    Affected: 1.5.3
    Affected: 1.5.4
    Affected: 1.5.5
    Unaffected: 1.6.0
    Create a notification for this product.
    Credits
    wanglun (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8165",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-26T16:15:18.702895Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-26T16:23:24.075Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BeikeShop",
              "vendor": "Chengdu Everbrite Network Technology",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.5.0"
                },
                {
                  "status": "affected",
                  "version": "1.5.1"
                },
                {
                  "status": "affected",
                  "version": "1.5.2"
                },
                {
                  "status": "affected",
                  "version": "1.5.3"
                },
                {
                  "status": "affected",
                  "version": "1.5.4"
                },
                {
                  "status": "affected",
                  "version": "1.5.5"
                },
                {
                  "status": "unaffected",
                  "version": "1.6.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wanglun (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This vulnerability affects the function exportZip of the file /admin/file_manager/export. Such manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit is publicly available and might be used. Upgrading to version 1.6.0 is able to resolve this issue. It is suggested to upgrade the affected component."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-24T06:20:52.268Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-275763 | Chengdu Everbrite Network Technology BeikeShop export exportZip path traversal",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.275763"
            },
            {
              "name": "VDB-275763 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.275763"
            },
            {
              "name": "Submit #393376 | Chengdu Guangda Network Technology BeikeShop \u003c=v1.5.5 Arbitrary File Download",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.393376"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/DeepMountains/Mirage/blob/main/CVE18-1.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-08-26T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-08-26T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-24T07:25:35.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Chengdu Everbrite Network Technology BeikeShop export exportZip path traversal"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-8165",
        "datePublished": "2024-08-26T14:00:06.012Z",
        "dateReserved": "2024-08-26T07:22:19.235Z",
        "dateUpdated": "2025-11-24T06:20:52.268Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8164 (GCVE-0-2024-8164)

    Vulnerability from cvelistv5 – Published: 2024-08-26 13:31 – Updated: 2025-11-24 06:20
    VLAI
    Title
    Chengdu Everbrite Network Technology BeikeShop FileManagerController.php rename unrestricted upload
    Summary
    A vulnerability was determined in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This affects the function rename of the file /Admin/Http/Controllers/FileManagerController.php. This manipulation of the argument new_name causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 1.6.0 is able to mitigate this issue. The affected component should be upgraded.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.275762 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.275762 signaturepermissions-required
    https://vuldb.com/?submit.393375 third-party-advisory
    https://github.com/DeepMountains/zzz/blob/main/CV… exploit
    Impacted products
    Vendor Product Version
    Chengdu Everbrite Network Technology BeikeShop Affected: 1.5.0
    Affected: 1.5.1
    Affected: 1.5.2
    Affected: 1.5.3
    Affected: 1.5.4
    Affected: 1.5.5
    Unaffected: 1.6.0
    Create a notification for this product.
    beikeshop chengdu_everbrite_network_technology Affected: 1.5.0 , ≤ 1.5.5 (custom)
        cpe:2.3:a:beikeshop:chengdu_everbrite_network_technology:1.5.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wanglun (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:beikeshop:chengdu_everbrite_network_technology:1.5.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "chengdu_everbrite_network_technology",
                "vendor": "beikeshop",
                "versions": [
                  {
                    "lessThanOrEqual": "1.5.5",
                    "status": "affected",
                    "version": "1.5.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8164",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-28T14:55:20.822034Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-28T14:56:52.291Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BeikeShop",
              "vendor": "Chengdu Everbrite Network Technology",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.5.0"
                },
                {
                  "status": "affected",
                  "version": "1.5.1"
                },
                {
                  "status": "affected",
                  "version": "1.5.2"
                },
                {
                  "status": "affected",
                  "version": "1.5.3"
                },
                {
                  "status": "affected",
                  "version": "1.5.4"
                },
                {
                  "status": "affected",
                  "version": "1.5.5"
                },
                {
                  "status": "unaffected",
                  "version": "1.6.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wanglun (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This affects the function rename of the file /Admin/Http/Controllers/FileManagerController.php. This manipulation of the argument new_name causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 1.6.0 is able to mitigate this issue. The affected component should be upgraded."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "Unrestricted Upload",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-24T06:20:49.733Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-275762 | Chengdu Everbrite Network Technology BeikeShop FileManagerController.php rename unrestricted upload",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.275762"
            },
            {
              "name": "VDB-275762 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.275762"
            },
            {
              "name": "Submit #393375 | Chengdu Guangda Network Technology BeikeShop \u003c=v1.5.5 FileUpload",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.393375"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/DeepMountains/zzz/blob/main/CVE4-2.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-08-26T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-08-26T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-24T07:25:31.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Chengdu Everbrite Network Technology BeikeShop FileManagerController.php rename unrestricted upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-8164",
        "datePublished": "2024-08-26T13:31:04.258Z",
        "dateReserved": "2024-08-26T07:22:16.655Z",
        "dateUpdated": "2025-11-24T06:20:49.733Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-8163 (GCVE-0-2024-8163)

    Vulnerability from cvelistv5 – Published: 2024-08-26 13:00 – Updated: 2025-11-24 06:20
    VLAI
    Title
    Chengdu Everbrite Network Technology BeikeShop files destroyFiles path traversal
    Summary
    A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this issue is the function destroyFiles of the file /admin/file_manager/files. The manipulation of the argument files results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 1.6.0 can resolve this issue. You should upgrade the affected component.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.275761 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.275761 signaturepermissions-required
    https://vuldb.com/?submit.393374 third-party-advisory
    https://github.com/DeepMountains/zzz/blob/main/CV… exploit
    Impacted products
    Vendor Product Version
    Chengdu Everbrite Network Technology BeikeShop Affected: 1.5.0
    Affected: 1.5.1
    Affected: 1.5.2
    Affected: 1.5.3
    Affected: 1.5.4
    Affected: 1.5.5
    Unaffected: 1.6.0
    Create a notification for this product.
    chengdu_everbrite_network_technology beike_shop Affected: 1.5.0
    Affected: 1.5.1
    Affected: 1.5.2
    Affected: 1.5.3
    Affected: 1.5.4
    Affected: 1.5.5
        cpe:2.3:a:chengdu_everbrite_network_technology:beike_shop:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    wanglun (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:chengdu_everbrite_network_technology:beike_shop:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "beike_shop",
                "vendor": "chengdu_everbrite_network_technology",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.5.0"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.1"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.2"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.3"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.4"
                  },
                  {
                    "status": "affected",
                    "version": "1.5.5"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-8163",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-26T14:59:27.343838Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-26T15:03:51.037Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BeikeShop",
              "vendor": "Chengdu Everbrite Network Technology",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.5.0"
                },
                {
                  "status": "affected",
                  "version": "1.5.1"
                },
                {
                  "status": "affected",
                  "version": "1.5.2"
                },
                {
                  "status": "affected",
                  "version": "1.5.3"
                },
                {
                  "status": "affected",
                  "version": "1.5.4"
                },
                {
                  "status": "affected",
                  "version": "1.5.5"
                },
                {
                  "status": "unaffected",
                  "version": "1.6.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "wanglun (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this issue is the function destroyFiles of the file /admin/file_manager/files. The manipulation of the argument files results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 1.6.0 can resolve this issue. You should upgrade the affected component."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.5,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-24T06:20:40.634Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-275761 | Chengdu Everbrite Network Technology BeikeShop files destroyFiles path traversal",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.275761"
            },
            {
              "name": "VDB-275761 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.275761"
            },
            {
              "name": "Submit #393374 | Chengdu Guangda Network Technology BeikeShop \u003c=v1.5.5 Arbitrary File Deletion",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.393374"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/DeepMountains/zzz/blob/main/CVE4-1.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-08-26T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-08-26T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-11-24T07:25:26.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Chengdu Everbrite Network Technology BeikeShop files destroyFiles path traversal"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-8163",
        "datePublished": "2024-08-26T13:00:11.158Z",
        "dateReserved": "2024-08-26T07:22:14.393Z",
        "dateUpdated": "2025-11-24T06:20:40.634Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }