Arbitrary File Deletion via Directory Traversal in gaizhenbiao/chuanhuchatgpt
CVE-2024-6255

9.1 CRITICAL

Key Information:

Vendor
CVE Published: 31 July 2024

What is CVE-2024-6255?

A serious vulnerability exists in the JSON file handling mechanism of the Chuanhuchatgpt product by Gaizhenbiao. The flaw allows any authenticated user to delete JSON files on the server, which threatens the integrity of the application. It stems from inadequate path validation, which leaves the file handling open to directory traversal. An attacker can use it to remove essential configuration files, such as config.json and ds_config_chatbot.json, breaking the system's functionality and potentially causing data loss or corruption.
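The missing path validation described above can be closed by resolving the client-supplied name and confirming it still lies inside the caller's own directory before deleting. The following is an added example, not code from the chuanhuchatgpt project; the per-user `history/<username>/` layout and the names `resolve_user_json`, `delete_user_json` and `UnsafePathError` are assumptions made for illustration.

```python
import tempfile
from pathlib import Path


class UnsafePathError(ValueError):
    """A client-supplied name resolved outside the caller's directory."""


def resolve_user_json(history_root: Path, username: str, filename: str) -> Path:
    """Map a client-supplied name to a .json path inside the user's directory."""
    root = history_root.resolve()
    user_dir = (root / username).resolve()
    if user_dir.parent != root:            # username itself must not traverse
        raise UnsafePathError(f"bad username: {username!r}")
    # resolve() collapses ".." and follows symlinks before the containment test.
    candidate = (user_dir / filename).resolve()
    if candidate.suffix != ".json" or not candidate.is_relative_to(user_dir):
        raise UnsafePathError(f"rejected file name: {filename!r}")
    return candidate


def delete_user_json(history_root: Path, username: str, filename: str) -> bool:
    """Delete one of the user's own JSON files; False if it does not exist."""
    target = resolve_user_json(history_root, username, filename)
    if not target.is_file():
        return False
    target.unlink()
    return True


def demo() -> dict:
    """Exercise the check on a constructed layout in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp)
        config = app / "config.json"       # stands in for the app's config file
        config.write_text("{}")
        (app / "history" / "alice").mkdir(parents=True)
        (app / "history" / "alice" / "chat1.json").write_text("{}")
        cases = {"own file": "chat1.json", "relative": "../../config.json",
                 "absolute": str(config)}
        results = {}
        for label, name in cases.items():
            try:
                results[label] = delete_user_json(app / "history", "alice", name)
            except UnsafePathError:
                results[label] = "rejected"
        results["config survives"] = config.exists()
        return results
```

Calling `demo()` shows the user's own file being deleted while both the relative and the absolute reference to the configuration file are rejected. `Path.is_relative_to` requires Python 3.9 or later.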

Affected Version(s)

gaizhenbiao/chuanhuchatgpt <= unspecified

CVSS V3.1

Score: 9.1
Severity: CRITICAL
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
