CVE-2024-8165

Name of the Vulnerable Software and Affected Versions: Chengdu Everbrite Network Technology BeikeShop versions up to 1.5.5

Description: A problematic issue was found in BeikeShop, affecting the exportZip function of the file /admin/file manager/export. The manipulation of the path argument leads to path traversal. This issue can be exploited remotely.

Recommendations: For versions up to 1.5.5, as a temporary workaround, consider disabling the exportZip function until a patch is available. Restrict access to the /admin/file manager/export endpoint to minimize the risk of exploitation. Avoid using the path argument in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.