Unrestricted File Upload Leading to RCE
A file upload vulnerability was identified in the chat application 'gaizhenbiao/chuanhuchatgpt', affecting the latest version as of 2024-03-10. The upload handler does not sanitize the client-supplied file name and does not validate the content type, so an attacker can upload files that lead to execution of arbitrary code or delivery of XSS payloads. No fix was available at the time of publication.
Available publicly on May 24 2024
Remediation Steps
- Validate every file upload: normalize the file name, strip any directory components, and check the extension against an allowlist.
- Sanitize file names so that path separators, leading dots, control characters and other unexpected characters cannot reach the filesystem or the response.
- Determine the file type from its content (magic bytes) rather than from the client-supplied Content-Type header, and reject files whose content does not match the allowed extension.
- Maintain an allowlist of permitted file types and reject everything else, including double extensions such as `name.php.png`.
- Keep the software updated and apply the vendor fix once one is published.
- Consider using security tools or services to scan uploads and to detect common vulnerabilities automatically.
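The steps above, carried out as one upload-validation routine. This is an added example written for this advisory; it is not code from the chuanhuchatgpt project and does not reproduce its upload handler. The allowlist (`ALLOWED_TYPES`), the sample uploads and the function names are assumptions chosen for the demonstration. The unsafe `naive_store_path` shows the pattern the remediation replaces: a client-supplied name joined directly onto the upload directory.

```python
import os
import re
import secrets
import posixpath
import ntpath
from typing import Dict, Optional, Set, Tuple

# Hypothetical allowlist for this example: extension -> MIME types accepted for it.
ALLOWED_TYPES: Dict[str, Set[str]] = {
    ".png": {"image/png"},
    ".jpg": {"image/jpeg"},
    ".jpeg": {"image/jpeg"},
    ".pdf": {"application/pdf"},
    ".txt": {"text/plain"},
    ".md": {"text/plain", "text/markdown"},
}
MAX_NAME_LEN = 100


class UploadRejected(ValueError):
    """Raised when an upload fails validation."""


def naive_store_path(upload_dir: str, user_filename: str) -> str:
    # Unsafe pattern: trusts the client-supplied name. A name such as
    # "../../templates/index.html" escapes upload_dir entirely.
    return os.path.join(upload_dir, user_filename)


def sanitize_filename(name: str) -> str:
    """Reduce a client-supplied name to a safe base name, or raise."""
    # Drop directory components whether written with / or \ separators.
    base = ntpath.basename(posixpath.basename(name))
    # Replace control characters and anything outside a conservative charset.
    base = re.sub(r"[^A-Za-z0-9._-]", "_", base)
    base = base.strip("._")  # no leading dots: hidden files, ".." remnants
    if not base or len(base) > MAX_NAME_LEN:
        raise UploadRejected("invalid file name")
    return base


def sniff_type(data: bytes) -> Optional[str]:
    """Infer a MIME type from leading bytes (magic numbers), not from the client header."""
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "image/png"
    if data.startswith(b"\xff\xd8\xff"):
        return "image/jpeg"
    if data.startswith(b"%PDF-"):
        return "application/pdf"
    # Treat as text only if it is valid UTF-8 and contains no NUL bytes.
    if b"\x00" not in data:
        try:
            data.decode("utf-8")
            return "text/plain"
        except UnicodeDecodeError:
            pass
    return None


def validate_upload(filename: str, declared_type: str, data: bytes) -> Tuple[str, str]:
    """Return (safe_base_name, stored_name) or raise UploadRejected."""
    base = sanitize_filename(filename)
    ext = os.path.splitext(base)[1].lower()  # last extension only: "a.php.png" -> ".png"
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension {ext!r} not allowed")
    if sniff_type(data) not in ALLOWED_TYPES[ext]:
        # Catches "shell.php.png" carrying PHP source under a .png extension.
        raise UploadRejected("file content does not match extension")
    if declared_type.split(";")[0].strip().lower() not in ALLOWED_TYPES[ext]:
        raise UploadRejected("declared content type not allowed for this extension")
    # Never reuse the client name on disk: random token plus the vetted extension.
    return base, f"{secrets.token_hex(16)}{ext}"


def stored_path(upload_dir: str, stored_name: str) -> str:
    """Join and re-check that the final path still lies inside upload_dir."""
    root = os.path.realpath(upload_dir)
    path = os.path.realpath(os.path.join(root, stored_name))
    if os.path.commonpath([root, path]) != root:
        raise UploadRejected("path escapes upload directory")
    return path


# Constructed sample uploads for the demonstration (not taken from the advisory).
SAMPLES = [
    ("../../templates/index.html", "text/html", b"<script>alert(1)</script>"),
    ("shell.php.png", "image/png", b"<?php system($_GET['c']); ?>"),
    ("photo.png", "image/png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
    ("notes.txt", "text/plain", b"hello from the user\n"),
]


def run_samples() -> Dict[str, tuple]:
    """Validate each sample and report the outcome keyed by the original name."""
    results = {}
    for name, ctype, data in SAMPLES:
        try:
            base, stored = validate_upload(name, ctype, data)
            results[name] = ("accepted", base, stored)
        except UploadRejected as exc:
            results[name] = ("rejected", str(exc))
    return results


if __name__ == "__main__":
    for name, outcome in run_samples().items():
        print(f"{name!r}: {outcome}")
```

The traversal name and the HTML payload fail on the extension allowlist, the PHP-in-PNG sample fails the content check, and the two legitimate files are accepted under server-generated names. Rejecting HTML and SVG extensions here is the upload-side half of the XSS defense; serving stored files with the vetted Content-Type and never inline as HTML is the other half.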
Patch Details
- Fixed Version: N/A
- Patch Commit: N/A