CVE-2024-5278
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
gaizhenbiao/chuanhuchatgpt is vulnerable to an unrestricted file upload vulnerability due to insufficient validation of uploaded file types in its /upload endpoint. Specifically, the handle_file_upload function does not sanitize or validate the file extension or content type of uploaded files, allowing attackers to upload files with arbitrary extensions, including HTML files containing XSS payloads and Python files. This vulnerability, present in the latest version as of 20240310, could lead to stored XSS attacks and potentially result in remote code execution (RCE) on the server hosting the application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| gaizhenbiao | gaizhenbiao/chuanhuchatgpt | unspecified < 20240919 | affected |
Weaknesses
- CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
- https://huntr.com/bounties/ea821d86-941b-40f3-a857-91f758848e05
- https://github.com/gaizhenbiao/chuanhuchatgpt/commit/22007a77f037c0cf76180f9b73a8d19e87dad02e
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.