CVE-2024-4321
Published 2024-05-16
Priority: P3 45 | high | 7.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.60% (44.1th percentile)
A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. The vulnerability arises due to improper input validation when handling file paths during the chat history upload process. An attacker can exploit this vulnerability by intercepting requests and manipulating the 'name' parameter to specify arbitrary file paths. This allows the attacker to read sensitive files on the server, leading to information leakage, including API keys and private information. The issue affects version 20240310 of the application.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gaizhenbiao | chuanhuchatgpt | — | — |
| gaizhenbiao | gaizhenbiao_chuanhuchatgpt | unspecified – latest | — |
Suricata
GPL MISC rwhoisd format string attempt
suricata·2010-09-23
CVE-2001-0838 GPL MISC rwhoisd format string attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 4321 (msg:"GPL MISC rwhoisd format string attempt"; flow:established,to_server; content:"-soa %p"; reference:bugtraq,3474; reference:cve,2001-0838; classtype:misc-attack; sid:2101323; rev:8; metadata:created_at 2010_09_23, cve CVE_2001_0838, signature_severity Informational, updated_at 2024_03_08;)
No public exploits indexed.
No writeups or analysis indexed.