Tuchuanhuhu

8 exploits. Active since Jun 2024.
CVE-2024-3404 MEDIUM WRITEUP
Gaizhenbiao Chuanhuchatgpt < 20240919-4 - Incorrect Authorization
In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypass intended access restrictions and read the `history` files of other users, potentially leading to unauthorized access to sensitive information. The vulnerability is present in the application's handling of access control for the `history` path, where no adequate mechanism is in place to prevent an authenticated user from accessing another user's chat history files. This issue poses a significant risk as it could allow attackers to obtain sensitive information from the chat history of other users.
CVSS 6.5
CVE-2024-4520 HIGH WRITEUP
Gaizhenbiao Chuanhuchatgpt < 20240410 - Missing Authorization
An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the users. Exploitation of this vulnerability could lead to data breaches, including the exposure of sensitive personal details, financial data, or confidential conversations. Additionally, it could facilitate identity theft and manipulation or fraud through the unauthorized access to users' chat histories. This issue is due to insufficient access control mechanisms in the application's handling of chat history data.
CVSS 7.5
CVE-2024-5278 MEDIUM WRITEUP
Gaizhenbiao Chuanhuchatgpt < 20240919 - Unrestricted File Upload
gaizhenbiao/chuanhuchatgpt is vulnerable to an unrestricted file upload vulnerability due to insufficient validation of uploaded file types in its `/upload` endpoint. Specifically, the `handle_file_upload` function does not sanitize or validate the file extension or content type of uploaded files, allowing attackers to upload files with arbitrary extensions, including HTML files containing XSS payloads and Python files. This vulnerability, present in the latest version as of 20240310, could lead to stored XSS attacks and potentially result in remote code execution (RCE) on the server hosting the application.
CVSS 6.1
CVE-2024-6037 CRITICAL WRITEUP
Gaizhenbiao Chuanhuchatgpt - Resource Allocation Without Limits
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). This can lead to uncontrolled resource consumption, resulting in resource exhaustion, denial of service (DoS), server unavailability, and potential data loss or corruption.
CVSS 9.1
CVE-2024-6090 HIGH WRITEUP
Gaizhenbiao Chuanhuchatgpt - Path Traversal
A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in `.json` on the target system, leading to a denial of service as users are unable to authenticate.
CVSS 7.5
CVE-2024-7962 HIGH WRITEUP
Gaizhenbiao Chuanhuchatgpt - Path Traversal
An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute path. The file must not have a `.json` extension and, except for the first line, every other line must contain commas. This vulnerability allows reading parts of format-compliant files, including code and log files, which may contain highly sensitive information such as account credentials.
CVSS 7.5
CVE-2024-8143 MEDIUM WRITEUP
Gaizhenbiao Chuanhuchatgpt < 20240628 - Privilege Escalation
In the latest version (20240628) of gaizhenbiao/chuanhuchatgpt, an issue exists in the `/file` endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the `history` folder with the user's name. By manipulating the `/file` endpoint, an authenticated user can enumerate and access files in other users' directories, leading to unauthorized access to private chat histories. This vulnerability can be exploited to read any user's private chat history.
CVSS 4.3
CVE-2024-8400 MEDIUM WRITEUP
Gaizhenbiao Chuanhuchatgpt - XSS
A stored cross-site scripting (XSS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability allows an attacker to upload a malicious HTML file containing JavaScript code, which is then executed when the file is accessed. This can lead to the execution of arbitrary JavaScript in the context of the user's browser.
CVSS 5.4