CVE-2024-27564 - Server-Side Request Forgery (SSRF) vulnerability in Dirk1983 Chatgpt 20230523
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: LOW
- Integrity impact: LOW
- Availability impact: NONE

Summary
pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SSRF via the url parameter. NOTE: the references section has an archived copy of pictureproxy.php from its original GitHub location, but the repository name might later change because it is misleading.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
References
- https://github.com/dirk1983/chatgpt/issues/114
- https://web.archive.org/save/https://github.com/dirk1983/chatgpt/blob/f9f4bbc99eed7210b291ec116bd57b3d8276bee5/README.md
- https://web.archive.org/save/https://github.com/dirk1983/chatgpt/issues/114
- https://web.archive.org/web/20250320031248/https://mm1.ltd/
- https://web.archive.org/web/20250320032559/https://github.com/dirk1983/chatgpt/blob/f9f4bbc99eed7210b291ec116bd57b3d8276bee5/pictureproxy.php