PT-2024-38849 · Chengdu Everbrite Network Technology · Beikeshop
Wanglun
·
Published
2024-08-26
·
Updated
2025-11-24
·
CVE-2024-8164
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Chengdu Everbrite Network Technology BeikeShop versions up to 1.5.5
Description:
A critical issue has been found, affecting the
rename function of the file /Admin/Http/Controllers/FileManagerController.php. The manipulation of the new name argument leads to unrestricted upload. This issue can be exploited remotely.Recommendations:
For versions up to 1.5.5, as a temporary workaround, consider disabling the
rename function of the FileManagerController.php file until a patch is available. Restrict access to the /Admin/Http/Controllers/FileManagerController.php file to minimize the risk of exploitation. Avoid using the new name argument in the affected function until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Improper Access Control
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Beikeshop