Arbitrary File Deletion via Directory Traversal in gaizhenbiao/chuanhuchatgpt
CVE-2024-6255
9.1 CRITICAL
What is CVE-2024-6255?
A serious vulnerability exists in the JSON file handling mechanism of the Chuanhuchatgpt product by Gaizhenbiao. This flaw allows any authenticated user to delete JSON files on the server, posing a significant threat to the integrity of the application. The vulnerability stems from inadequate path validation, making it susceptible to directory traversal attacks. Attackers can exploit this issue to remove essential configuration files, such as config.json and ds_config_chatbot.json, jeopardizing the system's functionality and leading to potential data loss or corruption.
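The path validation the description says is missing can be sketched as follows. This is an added example, not code from the ChuanhuChatGPT project: the per-user directory layout, the function names and the sample files are assumptions made for illustration.

```python
import tempfile
from pathlib import Path


class UnsafePathError(ValueError):
    """Raised when a requested file falls outside the caller's directory."""


def resolve_user_json(base_dir: Path, requested: str) -> Path:
    """Map a client-supplied name to a .json file strictly inside base_dir."""
    base = base_dir.resolve()
    # resolve() collapses ".." and follows symlinks before the containment test;
    # joining an absolute name discards base, so it is caught by the same test.
    target = (base / requested).resolve()
    if target.suffix.lower() != ".json":
        raise UnsafePathError("only .json files may be removed")
    if base not in target.parents:
        raise UnsafePathError("path escapes the user's directory")
    return target


def delete_user_json(base_dir: Path, requested: str) -> bool:
    """Delete the file if it exists; return True when something was removed."""
    target = resolve_user_json(base_dir, requested)
    if not target.is_file():
        return False
    target.unlink()
    return True


def demo() -> dict:
    """Constructed layout: <root>/config.json and <root>/history/alice/chat.json."""
    with tempfile.TemporaryDirectory() as root:
        config = Path(root) / "config.json"
        config.write_text("{}")
        user_dir = Path(root) / "history" / "alice"  # hypothetical per-user directory
        user_dir.mkdir(parents=True)
        (user_dir / "chat.json").write_text("{}")
        requests = {"own": "chat.json", "relative": "../../config.json", "absolute": str(config)}
        results = {}
        for label, name in requests.items():
            try:
                results[label] = delete_user_json(user_dir, name)
            except UnsafePathError:
                results[label] = "rejected"
        results["config_survived"] = config.exists()
        return results


if __name__ == "__main__":
    print(demo())
```

The containment test runs on the resolved path, so a name that only looks local but points elsewhere through `..` segments or a symlink is rejected before any file is touched.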
Affected Version(s)
gaizhenbiao/chuanhuchatgpt <= unspecified
EPSS Score
13% chance of being exploited in the next 30 days.
CVSS V3.1
Score: 9.1
Severity: CRITICAL
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
