CVE-2024-4321

A Local File Inclusion LFI vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. The vulnerability arises due to improper input validation when handling file paths during the chat history upload process. An attacker c...

CVE-2024-5124

CVE-2024-5124 affects gaizhenbiao/chuanhuchatgpt (version 20240310) with a timing-attack in the password comparison logic that uses the Python '=' operator. An attacker could infer correct passwords by measuring per-character comparison timing, potentially exposing credentials. The root cause is ...

CVE-2024-5124 Timing Attack Vulnerability in gaizhenbiao/chuanhuchatgpt

A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, where passwords are compared using the '=' operator in Python. This method of comparison allows a...

CVE-2024-5124 Timing Attack Vulnerability in gaizhenbiao/chuanhuchatgpt

A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, where passwords are compared using the '=' operator in Python. This method of comparison allows a...

CVE-2024-5278

CVE-2024-5278 affects gaizhenbiao/chuanhuchatgpt. A vulnerability in the /upload endpoint allows unrestricted file uploads because handle_file_upload does not sanitize or validate file extensions or content types, enabling upload of HTML or Python files. This can lead to stored XSS and potentiall...

CVE-2024-4321

A Local File Inclusion LFI vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. The vulnerability arises due to improper input validation when handling file paths during the chat history upload process. An attacker c...

PYSEC-2024-267

A Local File Inclusion LFI vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. The vulnerability arises due to improper input validation when handling file paths during the chat history upload process. An attacker c...

PYSEC-2024-267

A Local File Inclusion LFI vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. The vulnerability arises due to improper input validation when handling file paths during the chat history upload process. An attacker c...

CVE-2024-4321 Local File Inclusion (LFI) in gaizhenbiao/chuanhuchatgpt

A Local File Inclusion LFI vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. The vulnerability arises due to improper input validation when handling file paths during the chat history upload process. An attacker c...

CVE-2024-4321

A Local File Inclusion (LFI) exists in gaizhenbiao/chuanhuchatgpt (version 20240310) due to improper input validation when handling file paths during chat history upload. An attacker can modify the name parameter to specify arbitrary file paths, enabling reading of sensitive server files and leak...

ChuanhuChatGPT 输入验证错误漏洞

ChuanhuChatGPT is a lightweight and easy-to-use Web GUI for ChatGPT/ChatGLM/LLaMA/StableLM/MOSS and many other LLMs. An input validation error vulnerability exists in ChuanhuChatGPT version 20240310, which stems from improper input validation when handling file paths during chat log uploads, and...

CVE-2024-2564 PandaXGO PandaX user.go ExportUser path traversal

A vulnerability was found in PandaXGO PandaX up to 20240310 and classified as critical. This issue affects the function ExportUser of the file /apps/system/api/user.go. The manipulation of the argument filename leads to path traversal: '../filedir'. The attack may be initiated remotely. The explo...

PandaX Code Issues Vulnerabilities

PandaX is a Go language open source low-code development framework for enterprise IoT platforms from PandaX Open Source. A code issue vulnerability exists in PandaX version 20240310 and prior versions, which stems from an incorrect manipulation of the parameter file can lead to unrestricted file...

PandaX Security Vulnerability

PandaX is a Go language open source low-code development framework for enterprise IoT platforms from PandaX Open Source. A security vulnerability exists in PandaX version 20240310 and earlier versions, which stems from an incorrect operation of the parameter fileName that can lead to path travers...

PandaX Security Vulnerability

PandaX is a Go language open source low-code development framework for enterprise IoT platforms from PandaX Open Source. A security vulnerability exists in PandaX version 20240310 and earlier versions, which stems from the incorrect manipulation of the parameter filename can lead to path traversa...

PandaX SQL Injection Vulnerability

PandaX is PandaX open source a Go language open source low-code development framework for enterprise IoT platforms. An SQL injection vulnerability exists in PandaX version 20240310 and earlier versions, which stems from the fact that incorrect manipulation of the parameter roleKey can lead to sql...