Search criteria
5 vulnerabilities by Chengdu Everbrite Network Technology
CVE-2026-11480 (GCVE-0-2026-11480)
Vulnerability from cvelistv5 – Published: 2026-06-08 02:30 – Updated: 2026-06-08 16:32 X_Open Source
VLAI
Title
Chengdu Everbrite Network Technology BeikeShop Admin Design Builder Endpoint admin.php sql injection
Summary
A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. Impacted is an unknown function of the file beike/Admin/Routes/admin.php of the component Admin Design Builder Endpoint. Performing a manipulation of the argument settings.value results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The patch is named 2fa9805411088069fcc3b0c15b2f1f33d6e09958. To fix this issue, it is recommended to deploy a patch.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369100 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369100/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11480 | third-party-advisory |
| https://vuldb.com/submit/833973 | third-party-advisory |
| https://anonymous.4open.science/r/beikeshop-4B75/… | exploit |
| https://github.com/beikeshop/beikeshop/commit/2fa… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Chengdu Everbrite Network Technology | BeikeShop |
Affected:
1.6.0.0
Affected: 1.6.0.1 Affected: 1.6.0.2 Affected: 1.6.0.3 Affected: 1.6.0.4 Affected: 1.6.0.5 Affected: 1.6.0.6 Affected: 1.6.0.7 Affected: 1.6.0.8 Affected: 1.6.0.9 Affected: 1.6.0.10 Affected: 1.6.0.11 Affected: 1.6.0.12 Affected: 1.6.0.13 Affected: 1.6.0.14 Affected: 1.6.0.15 Affected: 1.6.0.16 Affected: 1.6.0.17 Affected: 1.6.0.18 Affected: 1.6.0.19 Affected: 1.6.0.20 Affected: 1.6.0.21 Affected: 1.6.0.22 cpe:2.3:a:chengdu_everbrite_network_technology:beikeshop:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11480",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-08T13:00:45.863398Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T16:32:41.231Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:chengdu_everbrite_network_technology:beikeshop:*:*:*:*:*:*:*:*"
],
"modules": [
"Admin Design Builder Endpoint"
],
"product": "BeikeShop",
"vendor": "Chengdu Everbrite Network Technology",
"versions": [
{
"status": "affected",
"version": "1.6.0.0"
},
{
"status": "affected",
"version": "1.6.0.1"
},
{
"status": "affected",
"version": "1.6.0.2"
},
{
"status": "affected",
"version": "1.6.0.3"
},
{
"status": "affected",
"version": "1.6.0.4"
},
{
"status": "affected",
"version": "1.6.0.5"
},
{
"status": "affected",
"version": "1.6.0.6"
},
{
"status": "affected",
"version": "1.6.0.7"
},
{
"status": "affected",
"version": "1.6.0.8"
},
{
"status": "affected",
"version": "1.6.0.9"
},
{
"status": "affected",
"version": "1.6.0.10"
},
{
"status": "affected",
"version": "1.6.0.11"
},
{
"status": "affected",
"version": "1.6.0.12"
},
{
"status": "affected",
"version": "1.6.0.13"
},
{
"status": "affected",
"version": "1.6.0.14"
},
{
"status": "affected",
"version": "1.6.0.15"
},
{
"status": "affected",
"version": "1.6.0.16"
},
{
"status": "affected",
"version": "1.6.0.17"
},
{
"status": "affected",
"version": "1.6.0.18"
},
{
"status": "affected",
"version": "1.6.0.19"
},
{
"status": "affected",
"version": "1.6.0.20"
},
{
"status": "affected",
"version": "1.6.0.21"
},
{
"status": "affected",
"version": "1.6.0.22"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "6dAksIAdf4bjuJIv8MWq (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. Impacted is an unknown function of the file beike/Admin/Routes/admin.php of the component Admin Design Builder Endpoint. Performing a manipulation of the argument settings.value results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The patch is named 2fa9805411088069fcc3b0c15b2f1f33d6e09958. To fix this issue, it is recommended to deploy a patch."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T02:30:11.142Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369100 | Chengdu Everbrite Network Technology BeikeShop Admin Design Builder Endpoint admin.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369100"
},
{
"name": "VDB-369100 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369100/cti"
},
{
"name": "CVE-2026-11480 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11480"
},
{
"name": "Submit #833973 | beikeshop 1.6.0.22 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/833973"
},
{
"tags": [
"exploit"
],
"url": "https://anonymous.4open.science/r/beikeshop-4B75/second-order-sqli-report.md"
},
{
"tags": [
"patch"
],
"url": "https://github.com/beikeshop/beikeshop/commit/2fa9805411088069fcc3b0c15b2f1f33d6e09958"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-06-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-07T11:58:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "Chengdu Everbrite Network Technology BeikeShop Admin Design Builder Endpoint admin.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11480",
"datePublished": "2026-06-08T02:30:11.142Z",
"dateReserved": "2026-06-07T09:53:15.168Z",
"dateUpdated": "2026-06-08T16:32:41.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11462 (GCVE-0-2026-11462)
Vulnerability from cvelistv5 – Published: 2026-06-07 22:00 – Updated: 2026-06-08 12:15 X_Open Source
VLAI
Title
Chengdu Everbrite Network Technology BeikeShop Stripe Plugin StripeController.php callback improper authorization
Summary
A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This impacts the function callback of the file plugins/Stripe/Controllers/StripeController.php of the component Stripe Plugin. Performing a manipulation of the argument Request results in improper authorization. The attack can be initiated remotely. The exploit has been made public and could be used. The patch is named 6719e0fc690ea0a998452092862e0f0a17c65968. It is suggested to install a patch to address this issue.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369082 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369082/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11462 | third-party-advisory |
| https://vuldb.com/submit/831466 | third-party-advisory |
| https://github.com/nuiifornet/BeikeShop-Vulnerabi… | exploit |
| https://github.com/beikeshop/beikeshop/commit/671… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Chengdu Everbrite Network Technology | BeikeShop |
Affected:
1.6.0.0
Affected: 1.6.0.1 Affected: 1.6.0.2 Affected: 1.6.0.3 Affected: 1.6.0.4 Affected: 1.6.0.5 Affected: 1.6.0.6 Affected: 1.6.0.7 Affected: 1.6.0.8 Affected: 1.6.0.9 Affected: 1.6.0.10 Affected: 1.6.0.11 Affected: 1.6.0.12 Affected: 1.6.0.13 Affected: 1.6.0.14 Affected: 1.6.0.15 Affected: 1.6.0.16 Affected: 1.6.0.17 Affected: 1.6.0.18 Affected: 1.6.0.19 Affected: 1.6.0.20 Affected: 1.6.0.21 Affected: 1.6.0.22 cpe:2.3:a:chengdu_everbrite_network_technology:beikeshop:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11462",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-08T11:10:10.863921Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T12:15:15.350Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:chengdu_everbrite_network_technology:beikeshop:*:*:*:*:*:*:*:*"
],
"modules": [
"Stripe Plugin"
],
"product": "BeikeShop",
"vendor": "Chengdu Everbrite Network Technology",
"versions": [
{
"status": "affected",
"version": "1.6.0.0"
},
{
"status": "affected",
"version": "1.6.0.1"
},
{
"status": "affected",
"version": "1.6.0.2"
},
{
"status": "affected",
"version": "1.6.0.3"
},
{
"status": "affected",
"version": "1.6.0.4"
},
{
"status": "affected",
"version": "1.6.0.5"
},
{
"status": "affected",
"version": "1.6.0.6"
},
{
"status": "affected",
"version": "1.6.0.7"
},
{
"status": "affected",
"version": "1.6.0.8"
},
{
"status": "affected",
"version": "1.6.0.9"
},
{
"status": "affected",
"version": "1.6.0.10"
},
{
"status": "affected",
"version": "1.6.0.11"
},
{
"status": "affected",
"version": "1.6.0.12"
},
{
"status": "affected",
"version": "1.6.0.13"
},
{
"status": "affected",
"version": "1.6.0.14"
},
{
"status": "affected",
"version": "1.6.0.15"
},
{
"status": "affected",
"version": "1.6.0.16"
},
{
"status": "affected",
"version": "1.6.0.17"
},
{
"status": "affected",
"version": "1.6.0.18"
},
{
"status": "affected",
"version": "1.6.0.19"
},
{
"status": "affected",
"version": "1.6.0.20"
},
{
"status": "affected",
"version": "1.6.0.21"
},
{
"status": "affected",
"version": "1.6.0.22"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Fklov (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This impacts the function callback of the file plugins/Stripe/Controllers/StripeController.php of the component Stripe Plugin. Performing a manipulation of the argument Request results in improper authorization. The attack can be initiated remotely. The exploit has been made public and could be used. The patch is named 6719e0fc690ea0a998452092862e0f0a17c65968. It is suggested to install a patch to address this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-07T22:00:13.496Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369082 | Chengdu Everbrite Network Technology BeikeShop Stripe Plugin StripeController.php callback improper authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369082"
},
{
"name": "VDB-369082 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369082/cti"
},
{
"name": "CVE-2026-11462 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11462"
},
{
"name": "Submit #831466 | BeikeShop 1.6.0 Design/Logic Flaw",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/831466"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/nuiifornet/BeikeShop-Vulnerability/blob/main/README.md"
},
{
"tags": [
"patch"
],
"url": "https://github.com/beikeshop/beikeshop/commit/6719e0fc690ea0a998452092862e0f0a17c65968"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-06-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-07T09:37:27.000Z",
"value": "VulDB entry last update"
}
],
"title": "Chengdu Everbrite Network Technology BeikeShop Stripe Plugin StripeController.php callback improper authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11462",
"datePublished": "2026-06-07T22:00:13.496Z",
"dateReserved": "2026-06-07T07:32:23.691Z",
"dateUpdated": "2026-06-08T12:15:15.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-8165 (GCVE-0-2024-8165)
Vulnerability from cvelistv5 – Published: 2024-08-26 14:00 – Updated: 2025-11-24 06:20
VLAI
Title
Chengdu Everbrite Network Technology BeikeShop export exportZip path traversal
Summary
A vulnerability was identified in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This vulnerability affects the function exportZip of the file /admin/file_manager/export. Such manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit is publicly available and might be used. Upgrading to version 1.6.0 is able to resolve this issue. It is suggested to upgrade the affected component.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Path Traversal
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.275763 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.275763 | signaturepermissions-required |
| https://vuldb.com/?submit.393376 | third-party-advisory |
| https://github.com/DeepMountains/Mirage/blob/main… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Chengdu Everbrite Network Technology | BeikeShop |
Affected:
1.5.0
Affected: 1.5.1 Affected: 1.5.2 Affected: 1.5.3 Affected: 1.5.4 Affected: 1.5.5 Unaffected: 1.6.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8165",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-26T16:15:18.702895Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T16:23:24.075Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BeikeShop",
"vendor": "Chengdu Everbrite Network Technology",
"versions": [
{
"status": "affected",
"version": "1.5.0"
},
{
"status": "affected",
"version": "1.5.1"
},
{
"status": "affected",
"version": "1.5.2"
},
{
"status": "affected",
"version": "1.5.3"
},
{
"status": "affected",
"version": "1.5.4"
},
{
"status": "affected",
"version": "1.5.5"
},
{
"status": "unaffected",
"version": "1.6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wanglun (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This vulnerability affects the function exportZip of the file /admin/file_manager/export. Such manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit is publicly available and might be used. Upgrading to version 1.6.0 is able to resolve this issue. It is suggested to upgrade the affected component."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T06:20:52.268Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-275763 | Chengdu Everbrite Network Technology BeikeShop export exportZip path traversal",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.275763"
},
{
"name": "VDB-275763 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.275763"
},
{
"name": "Submit #393376 | Chengdu Guangda Network Technology BeikeShop \u003c=v1.5.5 Arbitrary File Download",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.393376"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/DeepMountains/Mirage/blob/main/CVE18-1.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-08-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-24T07:25:35.000Z",
"value": "VulDB entry last update"
}
],
"title": "Chengdu Everbrite Network Technology BeikeShop export exportZip path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-8165",
"datePublished": "2024-08-26T14:00:06.012Z",
"dateReserved": "2024-08-26T07:22:19.235Z",
"dateUpdated": "2025-11-24T06:20:52.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-8164 (GCVE-0-2024-8164)
Vulnerability from cvelistv5 – Published: 2024-08-26 13:31 – Updated: 2025-11-24 06:20
VLAI
Title
Chengdu Everbrite Network Technology BeikeShop FileManagerController.php rename unrestricted upload
Summary
A vulnerability was determined in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This affects the function rename of the file /Admin/Http/Controllers/FileManagerController.php. This manipulation of the argument new_name causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 1.6.0 is able to mitigate this issue. The affected component should be upgraded.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.275762 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.275762 | signaturepermissions-required |
| https://vuldb.com/?submit.393375 | third-party-advisory |
| https://github.com/DeepMountains/zzz/blob/main/CV… | exploit |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Chengdu Everbrite Network Technology | BeikeShop |
Affected:
1.5.0
Affected: 1.5.1 Affected: 1.5.2 Affected: 1.5.3 Affected: 1.5.4 Affected: 1.5.5 Unaffected: 1.6.0 |
|
| beikeshop | chengdu_everbrite_network_technology |
Affected:
1.5.0 , ≤ 1.5.5
(custom)
cpe:2.3:a:beikeshop:chengdu_everbrite_network_technology:1.5.0:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:beikeshop:chengdu_everbrite_network_technology:1.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "chengdu_everbrite_network_technology",
"vendor": "beikeshop",
"versions": [
{
"lessThanOrEqual": "1.5.5",
"status": "affected",
"version": "1.5.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8164",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T14:55:20.822034Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T14:56:52.291Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BeikeShop",
"vendor": "Chengdu Everbrite Network Technology",
"versions": [
{
"status": "affected",
"version": "1.5.0"
},
{
"status": "affected",
"version": "1.5.1"
},
{
"status": "affected",
"version": "1.5.2"
},
{
"status": "affected",
"version": "1.5.3"
},
{
"status": "affected",
"version": "1.5.4"
},
{
"status": "affected",
"version": "1.5.5"
},
{
"status": "unaffected",
"version": "1.6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wanglun (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This affects the function rename of the file /Admin/Http/Controllers/FileManagerController.php. This manipulation of the argument new_name causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 1.6.0 is able to mitigate this issue. The affected component should be upgraded."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T06:20:49.733Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-275762 | Chengdu Everbrite Network Technology BeikeShop FileManagerController.php rename unrestricted upload",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.275762"
},
{
"name": "VDB-275762 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.275762"
},
{
"name": "Submit #393375 | Chengdu Guangda Network Technology BeikeShop \u003c=v1.5.5 FileUpload",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.393375"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/DeepMountains/zzz/blob/main/CVE4-2.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-08-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-24T07:25:31.000Z",
"value": "VulDB entry last update"
}
],
"title": "Chengdu Everbrite Network Technology BeikeShop FileManagerController.php rename unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-8164",
"datePublished": "2024-08-26T13:31:04.258Z",
"dateReserved": "2024-08-26T07:22:16.655Z",
"dateUpdated": "2025-11-24T06:20:49.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-8163 (GCVE-0-2024-8163)
Vulnerability from cvelistv5 – Published: 2024-08-26 13:00 – Updated: 2025-11-24 06:20
VLAI
Title
Chengdu Everbrite Network Technology BeikeShop files destroyFiles path traversal
Summary
A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this issue is the function destroyFiles of the file /admin/file_manager/files. The manipulation of the argument files results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 1.6.0 can resolve this issue. You should upgrade the affected component.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Path Traversal
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.275761 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.275761 | signaturepermissions-required |
| https://vuldb.com/?submit.393374 | third-party-advisory |
| https://github.com/DeepMountains/zzz/blob/main/CV… | exploit |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Chengdu Everbrite Network Technology | BeikeShop |
Affected:
1.5.0
Affected: 1.5.1 Affected: 1.5.2 Affected: 1.5.3 Affected: 1.5.4 Affected: 1.5.5 Unaffected: 1.6.0 |
|
| chengdu_everbrite_network_technology | beike_shop |
Affected:
1.5.0
Affected: 1.5.1 Affected: 1.5.2 Affected: 1.5.3 Affected: 1.5.4 Affected: 1.5.5 cpe:2.3:a:chengdu_everbrite_network_technology:beike_shop:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:chengdu_everbrite_network_technology:beike_shop:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "beike_shop",
"vendor": "chengdu_everbrite_network_technology",
"versions": [
{
"status": "affected",
"version": "1.5.0"
},
{
"status": "affected",
"version": "1.5.1"
},
{
"status": "affected",
"version": "1.5.2"
},
{
"status": "affected",
"version": "1.5.3"
},
{
"status": "affected",
"version": "1.5.4"
},
{
"status": "affected",
"version": "1.5.5"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8163",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-26T14:59:27.343838Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T15:03:51.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BeikeShop",
"vendor": "Chengdu Everbrite Network Technology",
"versions": [
{
"status": "affected",
"version": "1.5.0"
},
{
"status": "affected",
"version": "1.5.1"
},
{
"status": "affected",
"version": "1.5.2"
},
{
"status": "affected",
"version": "1.5.3"
},
{
"status": "affected",
"version": "1.5.4"
},
{
"status": "affected",
"version": "1.5.5"
},
{
"status": "unaffected",
"version": "1.6.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wanglun (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this issue is the function destroyFiles of the file /admin/file_manager/files. The manipulation of the argument files results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upgrading to version 1.6.0 can resolve this issue. You should upgrade the affected component."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.5,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T06:20:40.634Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-275761 | Chengdu Everbrite Network Technology BeikeShop files destroyFiles path traversal",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.275761"
},
{
"name": "VDB-275761 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.275761"
},
{
"name": "Submit #393374 | Chengdu Guangda Network Technology BeikeShop \u003c=v1.5.5 Arbitrary File Deletion",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.393374"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/DeepMountains/zzz/blob/main/CVE4-1.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-08-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-24T07:25:26.000Z",
"value": "VulDB entry last update"
}
],
"title": "Chengdu Everbrite Network Technology BeikeShop files destroyFiles path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-8163",
"datePublished": "2024-08-26T13:00:11.158Z",
"dateReserved": "2024-08-26T07:22:14.393Z",
"dateUpdated": "2025-11-24T06:20:40.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}