Description
A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in `.json` on the target system, leading to a denial of service as users are unable to authenticate.
References (2)
Core References
Exploit, Third Party Advisory: https://huntr.com/bounties/bd0f8f89-5c8a-4662-89aa-a6861d84cf4c
Scores
CVSS v3: 7.5
EPSS: 0.0015
EPSS Percentile: 35.7%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-22
Status: published
Products (1): gaizhenbiao/chuanhuchatgpt 20240410
Published: Jun 27, 2024
Tracked Since: Feb 18, 2026