Tuchuanhuhu

9 exploits Active since Jun 2024
CVE-2024-5124 WRITEUP HIGH
gaizhenbiao/chuanhuchatgpt < 20240310 - Info Disclosure
A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, where passwords are compared using the '==' operator in Python. This method of comparison allows an attacker to guess passwords based on the timing of each character's comparison. The issue arises from the code segment that checks a password for a particular username, which can lead to the exposure of sensitive information to an unauthorized actor. An attacker exploiting this vulnerability could potentially guess user passwords, compromising the security of the system.
CVSS 7.5
CVE-2024-3404 WRITEUP MEDIUM
gaizhenbiao/chuanhuchatgpt < 20240919-4 - Authenticated Incorrect Authorization via History Path Access
In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypass intended access restrictions and read the `history` files of other users, potentially leading to unauthorized access to sensitive information. The vulnerability is present in the application's handling of access control for the `history` path, where no adequate mechanism is in place to prevent an authenticated user from accessing another user's chat history files. This issue poses a significant risk as it could allow attackers to obtain sensitive information from the chat history of other users.
CVSS 6.5
CVE-2024-4520 WRITEUP HIGH
gaizhenbiao/chuanhuchatgpt < 20240410 - Unauthenticated Improper Access Control
An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the users. Exploitation of this vulnerability could lead to data breaches, including the exposure of sensitive personal details, financial data, or confidential conversations. Additionally, it could facilitate identity theft and manipulation or fraud through the unauthorized access to users' chat histories. This issue is due to insufficient access control mechanisms in the application's handling of chat history data.
CVSS 7.5
CVE-2024-5278 WRITEUP MEDIUM
gaizhenbiao/chuanhuchatgpt < 20240919 - Unrestricted File Upload via Insufficient Validation in /upload Endpoint
gaizhenbiao/chuanhuchatgpt is vulnerable to an unrestricted file upload vulnerability due to insufficient validation of uploaded file types in its `/upload` endpoint. Specifically, the `handle_file_upload` function does not sanitize or validate the file extension or content type of uploaded files, allowing attackers to upload files with arbitrary extensions, including HTML files containing XSS payloads and Python files. This vulnerability, present in the latest version as of 20240310, could lead to stored XSS attacks and potentially result in remote code execution (RCE) on the server hosting the application.
CVSS 6.1
CVE-2024-6037 WRITEUP CRITICAL
gaizhenbiao/chuanhuchatgpt 20240410 - Unauthenticated Arbitrary Folder Creation and Denial of Service
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). This can lead to uncontrolled resource consumption, resulting in resource exhaustion, denial of service (DoS), server unavailability, and potential data loss or corruption.
CVSS 9.1
CVE-2024-6090 WRITEUP HIGH
gaizhenbiao/chuanhuchatgpt 20240410 - Path Traversal and Denial of Service via Chat History Deletion
A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in `.json` on the target system, leading to a denial of service as users are unable to authenticate.
CVSS 7.5
CVE-2024-7962 WRITEUP HIGH
gaizhenbiao/chuanhuchatgpt 20240628 - Arbitrary File Read via Insufficient Prompt Template Validation
An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute path. The file must not have a .json extension and, except for the first line, every other line must contain commas. This vulnerability allows reading parts of format-compliant files, including code and log files, which may contain highly sensitive information such as account credentials.
CVSS 7.5
CVE-2024-8143 WRITEUP MEDIUM
gaizhenbiao/chuanhuchatgpt < 20240628 - Privilege Escalation
In the latest version (20240628) of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint, an authenticated user can enumerate and access files in other users' directories, leading to unauthorized access to private chat histories. This vulnerability can be exploited to read any user's private chat history.
CVSS 4.3
CVE-2024-8400 WRITEUP MEDIUM
gaizhenbiao/chuanhuchatgpt < 20240410 - Stored Cross-Site Scripting via Malicious HTML File Upload
A stored cross-site scripting (XSS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability allows an attacker to upload a malicious HTML file containing JavaScript code, which is then executed when the file is accessed. This can lead to the execution of arbitrary JavaScript in the context of the user's browser.
CVSS 5.4