CVE-2021-44164

Summary

Chain Sea ai chatbot system’s file upload function has insufficient filtering for special characters in URLs, which allows a remote attacker to by-pass file type validation, upload malicious script and execute arbitrary code without authentication, in order to take control of the system or terminate service.

Affected Software

VendorProductVersion RangeStatus
Chain Sea Information Integration Co., Ltdai chatbot system0unknown

Weaknesses

  • CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type

ADP Enrichment

CVE Program Container

Additional References

References