CVE-2024-6037
CRITICALgaizhenbiao/chuanhuchatgpt 20240410 - Unauthenticated Arbitrary Folder Creation and Denial of Service
Title source: llmDescription
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). This can lead to uncontrolled resource consumption, resulting in resource exhaustion, denial of service (DoS), server unavailability, and potential data loss or corruption.
References (2)
Core 2
Core References
Exploit, Third Party Advisory
https://huntr.com/bounties/eca6904f-f9fd-40c8-9e85-96f54daf405e
Scores
CVSS v3
9.1
EPSS
0.1061
EPSS Percentile
95.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-770
Status
published
Products (1)
gaizhenbiao/chuanhuchatgpt
20240410
Published
Jul 10, 2024
Tracked Since
Feb 18, 2026