Chain Sea Information Integration Co., Ltd ai chatbot system - Arbitrary File Upload
Description
The file upload function of the Chain Sea ai chatbot system insufficiently filters special characters in URLs. This allows a remote attacker to bypass file type validation, upload a malicious script, and execute arbitrary code without authentication, in order to take control of the system or terminate service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Chain Sea ai chatbot system's file upload function allows unauthenticated remote attackers to bypass file type validation via URL special characters, leading to arbitrary code execution and system compromise.
Vulnerability
The Chain Sea ai chatbot system (provided by 程曦資訊整合) contains an arbitrary file upload vulnerability in its file upload function. The function fails to properly filter special characters in URLs, allowing an attacker to bypass file type validation. Affected versions are not publicly disclosed; users should contact the vendor for the affected version list [1].
Exploitation
An unauthenticated remote attacker can exploit this vulnerability by crafting a malicious file upload request containing special characters in the URL to circumvent file type checks. No authentication is required, and the attack can be performed over the network.
Impact
Successful exploitation allows the attacker to upload a malicious script and execute arbitrary code on the server. This can lead to full control of the system, including data exfiltration, further compromise, or denial of service. The CVSS score is 9.8 (Critical), indicating high impact on confidentiality, integrity, and availability.
Mitigation
As of the publication date (2021-12-20), the vendor (程曦資訊整合) has not released a public patch. Users are advised to contact the vendor directly to obtain a version update [1]. No workaround is provided. The vulnerability is not listed in CISA KEV at this time.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Chain Sea Information Integration Co., Ltd / ai chatbot system, v5, Range: 0
Patches
No patches discovered yet.
References
[1] www.twcert.org.tw/tw/cp-132-5400-c31d1-1.html (mitre, x_refsource_MISC)