cbcvebase.
CVE-2023-51409
published 2024-04-12


Priority: P1 (score 92) · critical · CVSS 3.1 base score 9.8
Tags: ITW · EXPLOIT · VulnCheck KEV · Initial access
Exploited in the wild
EPSS: 63.33% (99.1th percentile)
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a through 1.9.98.

Affected (2 ranges)

Vendor       Product                      Version range    Fixed in
jordy_meow   ai_engine_chatgpt_chatbot    n/a – 1.9.98     –
meowapps     ai_engine                    < 1.9.99         1.9.99

Detection & IOCs (extracted from sources)

url: /wp-json/mwai-ui/v1/files/upload
path: /wp-content/plugins/ai-engine/
filename: *.php (arbitrary PHP file upload via name="file"; filename="<random>.php")
  • Detect unauthenticated POST requests to the WordPress REST API endpoint /wp-json/mwai-ui/v1/files/upload — no authentication headers are required, making any such request from an external source suspicious.
  • Look for multipart/form-data upload requests containing a .php filename in the Content-Disposition header targeting the AI Engine plugin endpoint.
  • A successful exploit returns HTTP 200 with a JSON body containing both '"success":true' and the uploaded .php filename — monitor HTTP responses from the upload endpoint for this pattern.
  • Presence of the plugin path /wp-content/plugins/ai-engine/ on a WordPress site indicates a potentially vulnerable installation; correlate with version <= 1.9.98.
  • The vulnerability affects AI Engine: ChatGPT Chatbot versions from n/a through 1.9.98 only; version 1.9.99 and later are patched. Detections should be scoped to sites running vulnerable versions.
  • The exploit is unauthenticated (PR:N), meaning no credentials or session tokens are needed — WAF/IDS rules should not require authentication context to fire on this endpoint.
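A detection routine for the patterns listed above, added here as an example and not part of the advisory, the plugin or any vendor rule. It assumes request/response pairs are available from a proxy or WAF log; the sample events are constructed, and every extension other than .php in the dangerous list is an assumption.

```python
import re
from dataclasses import dataclass, field

UPLOAD_ENDPOINT = "/wp-json/mwai-ui/v1/files/upload"   # REST route named in the advisory
FILENAME_RE = re.compile(r'filename="([^"]*)"', re.IGNORECASE)
# Extensions a PHP host will usually execute; only .php is from the advisory, the rest are assumed
DANGEROUS_EXT = (".php", ".phtml", ".phar", ".php5", ".php7")

@dataclass
class HttpEvent:                      # one request/response pair from a proxy or WAF log
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    body: str = ""
    status: int = 0
    response: str = ""

def dangerous_filenames(body):
    """Filenames in multipart Content-Disposition parts that carry a PHP-executable extension."""
    return [f for f in FILENAME_RE.findall(body) if f.lower().endswith(DANGEROUS_EXT)]

def classify(ev):
    """Return detection tags for one event; an empty list means nothing to flag."""
    tags = []
    if ev.method.upper() != "POST" or not ev.path.split("?")[0].endswith(UPLOAD_ENDPOINT):
        return tags
    hdrs = {k.lower(): v for k, v in ev.headers.items()}
    # PR:N - reachable with no credentials, so an upload with no WordPress auth material is itself a tag
    if not ("authorization" in hdrs or "x-wp-nonce" in hdrs
            or "wordpress_logged_in" in hdrs.get("cookie", "")):
        tags.append("unauthenticated_upload")
    bad = dangerous_filenames(ev.body)
    if bad:
        tags.append("php_filename")
    # Success pattern from the advisory: HTTP 200, "success":true, uploaded name echoed back
    if ev.status == 200 and '"success":true' in ev.response.replace(" ", "") \
            and any(f in ev.response for f in bad):
        tags.append("php_upload_succeeded")
    return tags

# Constructed sample traffic (not real captures)
WEBSHELL_UPLOAD = HttpEvent("POST", "/wp-json/mwai-ui/v1/files/upload",
    {"Content-Type": "multipart/form-data; boundary=x"},
    'Content-Disposition: form-data; name="file"; filename="a1b2c3.php"\r\n',
    200, '{"success":true,"data":{"file":"a1b2c3.php"}}')
BENIGN_UPLOAD = HttpEvent("POST", "/blog/wp-json/mwai-ui/v1/files/upload",
    {"Cookie": "wordpress_logged_in_abc=editor", "X-WP-Nonce": "deadbeef"},
    'Content-Disposition: form-data; name="file"; filename="photo.jpg"\r\n',
    200, '{"success":true,"data":{"file":"photo.jpg"}}')
```

Feed `classify` each logged pair; an event carrying all three tags is the full exploit chain the bullets describe, while "php_filename" alone on a patched site still merits a look.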

CVSS provenance

NVD (v3.1): 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheck: 10.0 CRITICAL