CVE-2024-27564

MEDIUM EXPLOITED NUCLEI

ChatGPT个人专用版 - Server Side Request Forgery

Title source: nuclei

Description

pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SSRF via the url parameter. NOTE: the references section has an archived copy of pictureproxy.php from its original GitHub location, but the repository name might later change because it is misleading.

Exploits (5)

nomisec WORKING POC 13 stars
by chsxthwik · poc
https://github.com/chsxthwik/CVE-2024-27564
nomisec WRITEUP
by chaudhrymuhammadtayab · poc
https://github.com/chaudhrymuhammadtayab/SSRF-Exploit-CVE-2024-27564
vulncheck_xdb WRITEUP
infoleak
https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel

Nuclei Templates (1)

ChatGPT个人专用版 - Server Side Request Forgery
HIGH VERIFIED by DhiyaneshDK
FOFA: title="ChatGPT个人专用版"

Scores

CVSS v3 5.8
EPSS 0.9208
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Details

VulnCheck KEV 2024-04-27
CWE CWE-918
Status published
Products (1)
dirk1983/chatgpt 2023-05-23
Published Mar 05, 2024
Tracked Since Feb 18, 2026