CVE-2024-8164 | THREATINT

Description

A vulnerability was determined in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This affects the function rename of the file /Admin/Http/Controllers/FileManagerController.php. This manipulation of the argument new_name causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 1.6.0 is able to mitigate this issue. The affected component should be upgraded.

PUBLISHED Reserved 2024-08-26 | Published 2024-08-26 | Updated 2025-11-24 | Assigner VulDB

MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

MEDIUM: 6.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

MEDIUM: 6.3CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

6.5AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C

Problem types

Unrestricted Upload

Improper Access Controls

Product status

1.5.0

affected

1.5.1

affected

1.5.2

affected

1.5.3

affected

1.5.4

affected

1.5.5

affected

1.6.0

unaffected

Timeline

2024-08-26:	Advisory disclosed
2024-08-26:	VulDB entry created
2025-11-24:	VulDB entry last update

Credits

wanglun (VulDB User) reporter

References

vuldb.com/?id.275762 (VDB-275762 | Chengdu Everbrite Network Technology BeikeShop FileManagerController.php rename unrestricted upload) vdb-entry technical-description

vuldb.com/?ctiid.275762 (VDB-275762 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.393375 (Submit #393375 | Chengdu Guangda Network Technology BeikeShop <=v1.5.5 FileUpload) third-party-advisory

github.com/DeepMountains/zzz/blob/main/CVE4-2.md exploit

cve.org (CVE-2024-8164)

nvd.nist.gov (CVE-2024-8164)

Download JSON