CVE-2026-11480NVD

Vulnerability Summary

A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. Impacted is an unknown function of the file beike/Admin/Routes/admin.php of the component Admin Design Builder Endpoint. Performing a manipulation of the argument settings.value results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The patch is named 2fa9805411088069fcc3b0c15b2f1f33d6e09958. To fix this issue, it is recommended to deploy a patch.

Severity Level

MEDIUM(6.3)

Published Date

Jun 8, 2026

Last Modified

Jun 8, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.04%Probability

Root Weakness (CWE)

N/A

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

ScopeUnchanged

ConfidentialityLow

IntegrityLow

AvailabilityLow

External References

https://vuldb.com/vuln/369100
https://vuldb.com/vuln/369100/cti
https://vuldb.com/cve/CVE-2026-11480
https://vuldb.com/submit/833973
https://anonymous.4open.science/r/beikeshop-4B75/second-order-sqli-report.md
https://github.com/beikeshop/beikeshop/commit/2fa9805411088069fcc3b0c15b2f1f33d6e09958

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2026-11480NVD

Vulnerability Summary

External References