Vulnerability Identifier

CVE-2024-4321

2024-05-16

Severity Assessment

LOW

CVSS v3.x Score

Clinical Analysis (Description)

A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. The vulnerability arises due to improper input validation when handling file paths during the chat history upload process. An attacker can exploit this vulnerability by intercepting requests and manipulating the 'name' parameter to specify arbitrary file paths. This allows the attacker to read sensitive files on the server, leading to information leakage, including API keys and private information. The issue affects version 20240310 of the application.

Vector Sequencing

Attack Parameters

Impact Consequences

Technical Impact

Weakness Classification

CWE-CWE-20

View CWE Details ↗

Affected Population

Affected Configurations

Total: 1 detected entries

Software List Scrollable

chuanhuchatgpt

Vendor: gaizhenbiao • v20240310

Timeline

Time Line

PUBLICATION

16 May 2024

MODIFICATION

10 Jul 2025

Impact Statistics

Key Metrics

CVSS Score

LOW

Products

Affected

Articles

Published

Remediation Protocol

Immediate Action Plan

1. Inventory

Identify all affected systems in your infrastructure.

2. Assessment

Assess exposure and criticality for your organization.

3. Mitigation

Apply patches or available workarounds.

4. Verification

Test and confirm effectiveness of applied measures.

Sources & Bibliography

NIST NVD MITRE CVE External Reference ↗ External Reference ↗

CVE Vulnerabilities

Posts & Pages