CVE-2024-7962: Arbitrary File Read via Insufficient Validation in gaizhenbiao/chuanhuchatgpt

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-7962

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Arbitrary File Read via Insufficient Validation in gaizhenbiao/chuanhuchatgpt

Source: NVD (National Vulnerability Database)

Vulnerability Description

An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute path. The file must not have a .json extension and, except for the first line, every other line must contain commas. This vulnerability allows reading parts of format-compliant files, including code and log files, which may contain highly sensitive information such as account credentials.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

路径遍历：’..filename’

Source: NVD (National Vulnerability Database)

Vulnerability Title

ChuanhuChatGPT 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

ChuanhuChatGPT是Chuan Hu个人开发者的一款应用程序。为 ChatGPT 等多种 LLM 提供了一个轻快好用的 Web 图形界面和众多附加功能 ChuanhuChatGPT 20240628版本存在安全漏洞，该漏洞源于加载提示模板文件时验证不足，存在任意文件读取漏洞，允许读取符合格式的文件的部分内容，包括代码和日志文件，其中可能包含高度敏感的信息。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
gaizhenbiao	gaizhenbiao/chuanhuchatgpt	unspecified ~ 20240918	-

II. Public POCs for CVE-2024-7962

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-7962

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same product: gaizhenbiao/chuanhuchatgpt

Same vendor: gaizhenbiao

Same weakness: CWE-29

V. Comments for CVE-2024-7962

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2024-7962

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-7962

III. Intelligence Information for CVE-2024-7962

IV. Related Vulnerabilities

V. Comments for CVE-2024-7962

Leave a comment