CVE-2024-27564

nvd nist nuclei

Published: Mar 5, 2024Modified: Mar 20, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Exploitability: 3.9 / Impact: 2.5

Source: NVD

Description

pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SSRF via the url parameter. NOTE: the references section has an archived copy of pictureproxy.php from its original GitHub location, but the repository name might later change because it is misleading.

Affected (1)

Products: Dirk1983: Chatgpt

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dirk1983 Chatgpt	Version 2023-05-23

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (6)

https://github.com/dirk1983/chatgpt/issues/114

Source: cve@mitre.org

ExploitIssue TrackingMitigationVendor Advisory

https://web.archive.org/save/https://github.com/dirk1983/chatgpt/blob/f9f4bbc99eed7210b291ec116bd57b3d8276bee5/README.md

Source: cve@mitre.org

https://web.archive.org/save/https://github.com/dirk1983/chatgpt/issues/114

Source: cve@mitre.org

https://web.archive.org/web/20250320031248/https://mm1.ltd/

Source: cve@mitre.org

https://web.archive.org/web/20250320032559/https://github.com/dirk1983/chatgpt/blob/f9f4bbc99eed7210b291ec116bd57b3d8276bee5/pictureproxy.php

Source: cve@mitre.org

https://github.com/dirk1983/chatgpt/issues/114

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingMitigationVendor Advisory

Timeline

No history available yet.