CVE-2024-8165

Summary

CVE-2024-8165 is a vulnerability identified in Chengdu Everbrite Network Technology BeikeShop versions up to 1.5.5, which affects the exportZip function in the file /admin/file_manager/export, allowing for path traversal due to improper argument manipulation. This vulnerability can be exploited remotely with low complexity and minimal user interaction, posing a medium risk to confidentiality but no integrity or availability impact. Affected products include x-PxZz, x-PxZy, x-PIoZ, x-PIoa, x-PxZx, and x-PQMf. To remediate this issue, organizations should update their BeikeShop software to a version that addresses this vulnerability. The vendor was contacted prior to public disclosure but did not respond.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.