CVE-2024-8163 is a path traversal vulnerability identified in the BeikeShop e-commerce platform developed by Chengdu Everbrite Network Technology. The vulnerability exists in the destroyFiles function located at /admin/file_manager/files, where the input parameter 'files' is insufficiently sanitized, allowing attackers to manipulate the file path. This manipulation enables traversal outside the intended directory, potentially leading to unauthorized deletion or access of arbitrary files on the server. The vulnerability is remotely exploitable without user interaction and requires only low privileges, making it accessible to authenticated users with limited rights. The CVSS 4.0 base score is 5.3 (medium severity), reflecting the moderate impact on confidentiality, integrity, and availability, with ease of exploitation and no user interaction needed. The vendor has addressed this issue in version 1.6.0, and upgrading is the recommended remediation. While no known exploits in the wild have been reported, the public availability of exploit code increases the likelihood of attacks. Organizations running affected versions should assess their exposure and apply patches promptly to mitigate risks associated with unauthorized file system access, which could lead to data breaches or service interruptions.

For European organizations using BeikeShop versions 1.5.0 through 1.5.5, this vulnerability poses a risk of unauthorized file deletion or access, potentially leading to data loss, service disruption, or exposure of sensitive information. Attackers exploiting this flaw could compromise the integrity and availability of the e-commerce platform, affecting business operations and customer trust. Given the remote exploitability and lack of user interaction required, attackers could automate attacks at scale. This is particularly concerning for organizations handling sensitive customer data or critical business functions via BeikeShop. The impact could extend to regulatory compliance issues under GDPR if personal data is exposed or lost. Additionally, disruption of e-commerce services could result in financial losses and reputational damage. The medium severity rating suggests a moderate but actionable threat that should be addressed promptly to prevent escalation or chaining with other vulnerabilities.

1. Immediately upgrade BeikeShop installations to version 1.6.0 or later, where the vulnerability is patched. 2. Restrict access to the /admin/file_manager/files endpoint to trusted administrators only, using network segmentation and access control lists. 3. Implement web application firewall (WAF) rules to detect and block path traversal patterns targeting the 'files' parameter. 4. Conduct regular security audits and code reviews of custom plugins or modifications to BeikeShop to ensure no similar vulnerabilities exist. 5. Monitor server logs for suspicious file access or deletion activities, especially unusual requests to the file manager. 6. Employ principle of least privilege for user accounts to limit the impact of compromised credentials. 7. Backup critical data regularly to enable recovery in case of file deletion or corruption. 8. Educate administrators on the risks of path traversal vulnerabilities and the importance of timely patching.