Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot
CVE-2024-29100

9.1CRITICAL

Key Information:

Vendor: WordPress
Status: Ai Engine: Chatgpt Chatbot
Vendor: CVE Published:; 28 March 2024

Summary

The AI Engine: ChatGPT Chatbot developed by Jordy Meow has a vulnerability that allows for the unrestricted upload of files with potentially dangerous types. This issue impacts AI Engine: ChatGPT Chatbot from unspecified versions up to and including version 2.1.4. This flaw could enable attackers to upload malicious files, leading to arbitrary remote code execution or other severe security risks. It is essential for users of the affected versions to apply appropriate security measures and updates to mitigate these vulnerabilities.

Affected Version(s)

AI Engine: ChatGPT Chatbot <= 2.1.4

References

https://patchstack.com/database/vulnerability/ai-engine/w...

vdb-entry

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 28, 2024
Vulnerability Reserved
Mar 15, 2024

Credit

Rafie Muhammad (Patchstack)