Arbitrary Folder Creation Vulnerability in Gaizhenbiao's ChuanhuChatGPT
CVE-2024-6037
9.1 CRITICAL
What is CVE-2024-6037?
A vulnerability in Gaizhenbiao's ChuanhuChatGPT version 20240410 allows malicious actors to create arbitrary directories on the server's operating system. This can lead to uncontrolled consumption of server resources, which can ultimately result in service disruption and potential denial of service (DoS). Attackers can create folders in sensitive locations, including the root directory (C:), which risks data loss or corruption caused by poor resource management and server instability.
Affected Version(s)
gaizhenbiao/chuanhuchatgpt < 20240918
CVSS V3.1
Score: 9.1
Severity: CRITICAL
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
CVSS V3.0
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved