CVE-2024-5823

CRITICAL

Gaizhenbiao Chuanhuchatgpt < 2024-04-10 - Denial of Service

Title source: rule

Description

A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. This vulnerability allows an attacker to gain unauthorized access to overwrite critical configuration files within the system. Exploiting this vulnerability can lead to unauthorized changes in system behavior or security settings. Additionally, tampering with these configuration files can result in a denial of service (DoS) condition, disrupting normal system operation.

References (2)

[Patch] https://github.com/gaizhenbiao/chuanhuchatgpt/commit/720c23d755a4a955dcb0a54e8c200a2247a27f8b

View Patch ZIP pw:eip

[Exploit, Third Party Advisory] https://huntr.com/bounties/ca361701-7d68-4df6-8da0-caad4b85b9ae

Scores

CVSS v3 9.1

EPSS 0.0010

EPSS Percentile 27.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-610 CWE-73

Status published

Products (1)

gaizhenbiao/chuanhuchatgpt < 2024-04-10

Published Oct 29, 2024

Tracked Since Feb 18, 2026