CVE-2024-5278

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-5278
gaizhenbiao/chuanhuchatgpt is vulnerable to an unrestricted file upload vulnerability due to insufficient validation of uploaded file types in its `/upload` endpoint. Specifically, the `handle_file_upload` function does not sanitize or validate the file extension or content type of uploaded files, allowing attackers to upload files with arbitrary extensions, including HTML files containing XSS payloads and Python files. This vulnerability, present in the latest version as of 20240310, could lead to stored XSS attacks and potentially result in remote code execution (RCE) on the server hosting the application.

6.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://huntr.com/bounties/ea821d86-941b-40f3-a857-91f758848e05 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:*:*:*:*:*:*:*:*
History

17 Oct 2024, 13:56

Type Values Removed Values Added
References () https://huntr.com/bounties/ea821d86-941b-40f3-a857-91f758848e05 - () https://huntr.com/bounties/ea821d86-941b-40f3-a857-91f758848e05 - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : 6.5 		v2 : unknown
v3 : 6.1
First Time Gaizhenbiao
Gaizhenbiao chuanhuchatgpt
CPE cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:*:*:*:*:*:*:*:*

07 Jun 2024, 14:56

Type Values Removed Values Added
Summary
  • (es) gaizhenbiao/chuanhuchatgpt es afectado por una vulnerabilidad de carga de archivos sin restricciones debido a una validación insuficiente de los tipos de archivos cargados en su endpoint `/upload`. Específicamente, la función `handle_file_upload` no sanitiza ni valida la extensión del archivo o el tipo de contenido de los archivos cargados, lo que permite a los atacantes cargar archivos con extensiones arbitrarias, incluidos archivos HTML que contienen payloads XSS y archivos Python. Esta vulnerabilidad, presente en la última versión 20240310, podría provocar ataques XSS almacenados y potencialmente provocar la ejecución remota de código (RCE) en el servidor que aloja la aplicación.

06 Jun 2024, 19:16

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-06 19:16

Updated : 2024-10-17 13:56

NVD link : CVE-2024-5278

Mitre link : CVE-2024-5278

CVE.ORG link : CVE-2024-5278

JSON object : View

Products Affected

gaizhenbiao

  • chuanhuchatgpt
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type