CVE-2026-11480 MEDIUM

CVE-2026-11480: Chengdu Everbrite Network Technology BeikeShop Admin Design Builder Endpoint admin.php sql injection

Vendor Chengdu Everbrite Network Technology
Product BeikeShop
Weakness CWE-89 · SQLi
Published June 8, 2026
Last update June 8, 2026
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. Impacted is an unknown function of the file beike/Admin/Routes/admin.php of the component Admin Design Builder Endpoint. Performing a manipulation of the argument settings.value results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The patch is named 2fa9805411088069fcc3b0c15b2f1f33d6e09958. To fix this issue, it is recommended to deploy a patch.

Key dates

Disclosure timeline

June 8, 2026 CVE published
June 8, 2026 Record updated