Vulnerabilities > CVE-2024-27564 - Server-Side Request Forgery (SSRF) vulnerability in Dirk1983 Chatgpt 20230523

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

dirk1983

CWE-918

NVD

Published: 2024-03-05

Updated: 2025-03-20

Summary

pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SSRF via the url parameter. NOTE: the references section has an archived copy of pictureproxy.php from its original GitHub location, but the repository name might later change because it is misleading.

Vulnerable Configurations

Part	Description	Count
Application	Dirk1983 Dirk1983 Chatgpt 2023-05-23	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://github.com/dirk1983/chatgpt/issues/114
https://github.com/dirk1983/chatgpt/issues/114
https://web.archive.org/save/https://github.com/dirk1983/chatgpt/blob/f9f4bbc99eed7210b291ec116bd57b3d8276bee5/README.md
https://web.archive.org/save/https://github.com/dirk1983/chatgpt/issues/114
https://web.archive.org/web/20250320031248/https://mm1.ltd/
https://web.archive.org/web/20250320032559/https://github.com/dirk1983/chatgpt/blob/f9f4bbc99eed7210b291ec116bd57b3d8276bee5/pictureproxy.php