CVE-2024-27564

medium

Description

pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SSRF via the url parameter. NOTE: the references section has an archived copy of pictureproxy.php from its original GitHub location, but the repository name might later change because it is misleading.

References

Exploits
More

https://www.securityweek.com/chatgpt-vulnerability-exploited-against-us-government-organizations/

https://www.darkreading.com/cyberattacks-data-breaches/actively-exploited-chatgpt-bug-organizations-risk

https://securityaffairs.com/175560/hacking/chatgpt-ssrf-bug-quickly-becomes-a-favorite-attack-vector.html

https://hackread.com/hackers-exploit-chatgpt-cve-2024-27564-10000-attacks/

https://veriti.ai/blog/cve-2024-27564-actively-exploited/

https://web.archive.org/web/20250320032559/https://github.com/dirk1983/chatgpt/blob/f9f4bbc99eed7210b291ec116bd57b3d8276bee5/pictureproxy.php

https://web.archive.org/web/20250320031248/https://mm1.ltd/

https://web.archive.org/save/https://github.com/dirk1983/chatgpt/issues/114

https://web.archive.org/save/https://github.com/dirk1983/chatgpt/blob/f9f4bbc99eed7210b291ec116bd57b3d8276bee5/README.md

https://github.com/dirk1983/chatgpt/issues/114

Details

Source: Mitre, NVD

Published: 2024-03-05

Updated: 2025-03-20

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.91787