CVE-2024-8164

Summary

CVE-2024-8164 is a critical vulnerability identified in Chengdu Everbrite Network Technology BeikeShop versions up to 1.5.5, which affects the file renaming function in the FileManagerController.php file. This vulnerability allows for unrestricted file uploads through manipulation of the new_name argument, potentially enabling remote exploitation by attackers. The affected products include various systems denoted as x-PxZz, x-PxZy, x-PIoZ, x-PxZx, x-PIoa, and x-PQMf. To remediate this issue, organizations should upgrade to a patched version of BeikeShop or implement controls to restrict file uploads and validate filenames securely. The risk posed by this vulnerability includes low integrity and confidentiality impacts but could still lead to significant security breaches if exploited.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.