CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
AI Score
Confidence
High
EPSS
Percentile
18.4%
SSVC
Exploitation
poc
Automatable
yes
Technical Impact
partial
A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as config.json
and ds_config_chatbot.json
. This issue arises due to improper validation of file paths, enabling directory traversal attacks. An attacker can exploit this vulnerability to disrupt the functioning of the system, manipulate settings, or potentially cause data loss or corruption.
[
{
"cpes": [
"cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240410:*:*:*:*:*:*:*"
],
"vendor": "gaizhenbiao",
"product": "chuanhuchatgpt",
"versions": [
{
"status": "affected",
"version": "20240410"
}
],
"defaultStatus": "unknown"
}
]
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
AI Score
Confidence
High
EPSS
Percentile
18.4%
SSVC
Exploitation
poc
Automatable
yes
Technical Impact
partial