CVE-2024-47171
published 2024-09-26
CVE-2024-47171: Agnai is an artificial-intelligence-agnostic multi-user, multi-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to…
Priority: P4, 23
Severity: medium, 4.3 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.48% (37.9th percentile)
Agnai is an artificial-intelligence-agnostic multi-user, multi-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload image files to an attacker-chosen location on the server. This issue can lead to image file uploads to unauthorized or unintended directories, including overwriting of existing images, which may be used for defacement. This does not affect `agnai.chat`, installations using S3-compatible storage, or self-hosted installations that are not publicly exposed. Version 1.0.330 fixes this vulnerability.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| agnai | agnai | < 1.0.330 | 1.0.330 |
| agnai | agnai | >= 0 < 1.0.330 | 1.0.330 |
| agnaistic | agnai | < 1.0.330 | 1.0.330 |
OSV
Agnai vulnerable to Relative Path Traversal in Image Upload
osv·2024-09-26
CVE-2024-47171 [LOW] Agnai vulnerable to Relative Path Traversal in Image Upload
### Summary
A vulnerability has been discovered in **Agnai** that permits attackers to upload image files to an attacker-chosen location on the server. This issue can lead to image file uploads to unauthorized or unintended directories, including overwriting of existing images, which may be used for defacement.
This does not affect:
- agnai.chat
- installations using S3-compatible storage
- self-hosting that is not publicly exposed
### CWE-35: Path Traversal
https://cwe.mitre.org/data/definitions/35.html
### CVSS4.0 - 2.3 Low
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
### Details
This is a path traversal vulnerability. An attacker can exploit this vulnerability by sending a specially crafted request to t
GHSA
Agnai vulnerable to Relative Path Traversal in Image Upload
ghsa·2024-09-26
CVE-2024-47171 [LOW] CWE-22 Agnai vulnerable to Relative Path Traversal in Image Upload
No detection rules found.
No public exploits indexed.
2024-09-26
Published