CVE-2024-5823

29.10.2024, 13:15

A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. This vulnerability allows an attacker to gain unauthorized access to overwrite critical configuration files within the system. Exploiting this vulnerability can lead to unauthorized changes in system behavior or security settings. Additionally, tampering with these configuration files can result in a denial of service (DoS) condition, disrupting normal system operation.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.1 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
@huntr_ai	CNA	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 44%

Vendor	Product	Version
gaizhenbiao	chuanhuchatgpt	𝑥 ≤ 2024-04-10

𝑥

= Vulnerable software versions

Known Exploits!

https://huntr.com/bounties/ca361701-7d68-4df6-8da0-caad4b85b9ae

Common Weakness Enumeration

References

https://github.com/gaizhenbiao/chuanhuchatgpt/commit/720c23d755a4a955dcb0a54e8c200a2247a27f8b

https://huntr.com/bounties/ca361701-7d68-4df6-8da0-caad4b85b9ae