A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as `config.json` and `ds_config_chatbot.json`. This issue arises due to improper validation of file paths, enabling directory traversal attacks. An attacker can exploit this vulnerability to disrupt the functioning of the system, manipulate settings, or potentially cause data loss or corruption.
References
Link | Resource |
---|---|
https://huntr.com/bounties/48f3e370-6dcd-4f38-9350-d0419b3a7f82 | Exploit Issue Tracking Technical Description |
Configurations
History
30 Aug 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
CWE |
27 Aug 2024, 13:30
Type | Values Removed | Values Added |
---|---|---|
References | () https://huntr.com/bounties/48f3e370-6dcd-4f38-9350-d0419b3a7f82 - Exploit, Issue Tracking, Technical Description | |
CWE | CWE-22 | |
CPE | cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240410:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
First Time |
Gaizhenbiao chuanhuchatgpt
Gaizhenbiao |
31 Jul 2024, 12:57
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
31 Jul 2024, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-31 01:15
Updated : 2024-08-30 16:15
NVD link : CVE-2024-6255
Mitre link : CVE-2024-6255
CVE.ORG link : CVE-2024-6255
JSON object : View
Products Affected
gaizhenbiao
- chuanhuchatgpt
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')