CVE-2024-5823

CRITICAL

gaizhenbiao/chuanhuchatgpt <= 20240410 - File Overwrite and Denial of Service via Configuration File Tampering

Title source: llm

Description

A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. This vulnerability allows an attacker to gain unauthorized access to overwrite critical configuration files within the system. Exploiting this vulnerability can lead to unauthorized changes in system behavior or security settings. Additionally, tampering with these configuration files can result in a denial of service (DoS) condition, disrupting normal system operation.

References (2)

Core 2

Core References

Patch

https://github.com/gaizhenbiao/chuanhuchatgpt/commit/720c23d755a4a955dcb0a54e8c200a2247a27f8b

View Patch ZIP pw:eip

Exploit, Third Party Advisory

https://huntr.com/bounties/ca361701-7d68-4df6-8da0-caad4b85b9ae

Scores

CVSS v3 9.1

EPSS 0.0053

EPSS Percentile 40.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-610 CWE-73

Status published

Products (1)

gaizhenbiao/chuanhuchatgpt < 2024-04-10

Published Oct 29, 2024

Tracked Since Feb 18, 2026