CVE-2024-27564

MEDIUM EXPLOITED NUCLEI

ChatGPT个人专用版 - Server Side Request Forgery

Title source: nuclei
STIX 2.1

Exploitation Summary

CVE-2024-27564 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including chsxthwik, chaudhrymuhammadtayab. A Nuclei detection template is also available.

AI-analyzed exploit summary This PoC demonstrates an SSRF vulnerability in `pictureproxy.php` where the `url` parameter is passed directly to `file_get_contents()` without validation, allowing arbitrary requests. The provided curl command exploits this to read local files.

Description

pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SSRF via the url parameter. NOTE: the references section has an archived copy of pictureproxy.php from its original GitHub location, but the repository name might later change because it is misleading.

Exploits (3)

nomisec WORKING POC 13 stars
by chsxthwik · poc
https://github.com/chsxthwik/CVE-2024-27564

This PoC demonstrates an SSRF vulnerability in `pictureproxy.php` where the `url` parameter is passed directly to `file_get_contents()` without validation, allowing arbitrary requests. The provided curl command exploits this to read local files.

Classification
Working Poc 90%
Attack Type
Ssrf
Complexity
Trivial
Reliability
Reliable
Target: pictureproxy.php (version unspecified)
No auth needed
Prerequisites: Access to the vulnerable `pictureproxy.php` endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WRITEUP
by chaudhrymuhammadtayab · poc
https://github.com/chaudhrymuhammadtayab/SSRF-Exploit-CVE-2024-27564

This repository provides a writeup and proof-of-concept for CVE-2024-27564, an SSRF vulnerability in `pictureproxy.php` due to improper validation of the `url` parameter. The PoC demonstrates how an attacker can exploit this to perform arbitrary requests, including local file reads.

Classification
Writeup 90%
Attack Type
Ssrf
Complexity
Trivial
Reliability
Reliable
Target: pictureproxy.php (version not specified)
No auth needed
Prerequisites: Access to the vulnerable `pictureproxy.php` endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →
vulncheck_xdb WRITEUP
infoleak
https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel

This repository contains a technical analysis of the Deadbolt ransomware, focusing on its SHA-256 implementation and lock screen changes. It includes JavaScript code snippets and diffs but does not provide a functional exploit.

Classification
Writeup 90%
Attack Type
Other
Complexity
Moderate
Reliability
Theoretical
Target: QNAP devices (Deadbolt ransomware)
No auth needed
Prerequisites: QNAP device affected by Deadbolt ransomware
devstral-2 · analyzed Feb 25, 2026 Full analysis →

Nuclei Templates (1)

ChatGPT个人专用版 - Server Side Request Forgery
HIGHVERIFIEDby DhiyaneshDK
FOFA: title="ChatGPT个人专用版"

References (5)

Core 5

Scores

CVSS v3 5.8
EPSS 0.9189
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

VulnCheck KEV 2024-04-27
CWE
CWE-918
Status published
Products (1)
dirk1983/chatgpt 2023-05-23
Published Mar 05, 2024
Tracked Since Feb 18, 2026