High severity7.5NVD Advisory· Published May 16, 2024· Updated Jun 17, 2026
CVE-2024-4321
CVE-2024-4321
Description
A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. The vulnerability arises due to improper input validation when handling file paths during the chat history upload process. An attacker can exploit this vulnerability by intercepting requests and manipulating the 'name' parameter to specify arbitrary file paths. This allows the attacker to read sensitive files on the server, leading to information leakage, including API keys and private information. The issue affects version 20240310 of the application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
220240310+ 1 more
- (no CPE)range: 20240310
- (no CPE)range: unspecified
Patches
Vulnerability mechanics
References
1- huntr.com/bounties/19a16f8e-3d92-498f-abc9-8686005f067envdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.