CVE-2024-8163
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2024-8163 is a critical vulnerability affecting Chengdu Everbrite Network Technology's BeikeShop versions up to 1.5.5, specifically the destroyFiles function under /admin/file_manager/files. Improper argument handling in this function allows remote path traversal, which could lead to unauthorized access to sensitive files. The vulnerability has been publicly disclosed, and organizations running affected versions are at risk while unpatched. Remediation involves upgrading to a version of BeikeShop that addresses this issue; the vendor has not responded to initial disclosure attempts. The vulnerability has a medium severity rating with an exploitability score of 2.8, indicating a low-complexity attack that requires minimal privileges and no user interaction.