A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as `config.json` and `ds_config_chatbot.json`. This issue arises due to improper validation of file paths, enabling directory traversal attacks. An attacker can exploit this vulnerability to disrupt the functioning of the system, manipulate settings, or potentially cause data loss or corruption.
References
Link | Resource |
---|---|
https://huntr.com/bounties/48f3e370-6dcd-4f38-9350-d0419b3a7f82 | Exploit Issue Tracking Technical Description |
https://huntr.com/bounties/48f3e370-6dcd-4f38-9350-d0419b3a7f82 | Exploit Issue Tracking Technical Description |
Configurations
History
21 Nov 2024, 09:49
Type | Values Removed | Values Added |
---|---|---|
References | () https://huntr.com/bounties/48f3e370-6dcd-4f38-9350-d0419b3a7f82 - Exploit, Issue Tracking, Technical Description | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.2 |
30 Aug 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
CWE |
27 Aug 2024, 13:30
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
First Time |
Gaizhenbiao
Gaizhenbiao chuanhuchatgpt |
|
CPE | cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240410:*:*:*:*:*:*:* | |
References | () https://huntr.com/bounties/48f3e370-6dcd-4f38-9350-d0419b3a7f82 - Exploit, Issue Tracking, Technical Description | |
CWE | CWE-22 |
31 Jul 2024, 12:57
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
31 Jul 2024, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-31 01:15
Updated : 2024-11-21 09:49
NVD link : CVE-2024-6255
Mitre link : CVE-2024-6255
CVE.ORG link : CVE-2024-6255
JSON object : View
Products Affected
gaizhenbiao
- chuanhuchatgpt
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')