Platform
wordpress
Component
ai-engine
Fixed version
1.9.99
CVE-2023-51409 describes an Arbitrary File Access vulnerability discovered in the Jordy Meow AI Engine: ChatGPT Chatbot plugin. The flaw allows attackers to upload files of any type, bypassing the upload restrictions the plugin is meant to enforce. The vulnerability affects versions of the plugin up to and including 1.9.98. A patch is expected to address this issue.
The Arbitrary File Access vulnerability poses a significant threat. An attacker could upload malicious files, such as web shells or executable code, to the server hosting the ChatGPT Chatbot. Successful exploitation could lead to remote code execution, allowing the attacker to gain complete control over the server. This could result in data breaches, system compromise, and further lateral movement within the network. The ability to upload arbitrary file types drastically increases the attack surface and potential impact.
This vulnerability was publicly disclosed on 2024-04-12. The CVSS score of 10 (CRITICAL) indicates a high probability of exploitation. Public proof-of-concept exploits are likely to emerge, increasing the risk of widespread attacks. Monitor security advisories and threat intelligence feeds for updates.
WordPress websites hosting the Jordy Meow AI Engine: ChatGPT Chatbot plugin, particularly those running older versions (≤1.9.98), are at significant risk. Shared hosting environments where users have limited control over server configurations are also particularly vulnerable.
• wordpress / composer / npm:
  grep -r "wp_handle_upload" /var/www/html/wp-content/plugins/ai-engine-chatgpt-chatbot/
• generic web:
  curl -I https://your-website.com/wp-content/uploads/ | grep Content-Type
• wordpress / composer / npm:
  wp plugin list --status=active | grep 'ai-engine-chatgpt-chatbot'
disclosure
Exploit status
EPSS
92.94% (100th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to upgrade to a patched version of the Jordy Meow AI Engine: ChatGPT Chatbot plugin as soon as it becomes available. Until a patch is released, consider temporary workarounds: restrict uploads to an explicit allowlist of safe file types using WordPress's own upload filters or a plugin that enforces them, and apply strict file size limits. A web application firewall (WAF) can be configured to block suspicious uploads based on file type or content. Closely monitor the upload directories for unexpected files, in particular anything executable or scriptable appearing under wp-content/uploads.
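The following is an added example of the "restrict uploads to safe file types and sizes" workaround described above; it is not code from the advisory or from the AI Engine plugin. It is a hypothetical must-use plugin (drop it into wp-content/mu-plugins/) built only on WordPress core filters that exist in current releases: upload_mimes, wp_handle_upload_prefilter and wp_check_filetype_and_ext. The allowlist contents and the 5 MiB size cap are assumed values to adjust per site.

```php
<?php
/**
 * Plugin Name: Upload Type Allowlist (added example, hypothetical mu-plugin)
 * Description: Temporary hardening while waiting for the patched plugin
 * release: restricts WordPress uploads to an explicit allowlist of types
 * and rejects files whose extension and detected content disagree.
 */

// Assumed allowlist: the only extension/MIME pairs this site will accept.
const UPLOAD_ALLOWLIST = array(
    'jpg|jpeg|jpe' => 'image/jpeg',
    'png'          => 'image/png',
    'gif'          => 'image/gif',
    'pdf'          => 'application/pdf',
    'txt'          => 'text/plain',
);

// Assumed size cap: 5 MiB.
const UPLOAD_MAX_BYTES = 5 * 1024 * 1024;

// Replace the site-wide MIME map with the allowlist so that every code path
// relying on get_allowed_mime_types() sees only these types.
add_filter( 'upload_mimes', function ( $mimes ) {
    return UPLOAD_ALLOWLIST;
}, PHP_INT_MAX );

// Validate each file before wp_handle_upload() moves it into wp-content/uploads.
// Setting $file['error'] makes WordPress abort the upload with that message.
add_filter( 'wp_handle_upload_prefilter', function ( $file ) {
    if ( ! empty( $file['size'] ) && $file['size'] > UPLOAD_MAX_BYTES ) {
        $file['error'] = 'File exceeds the allowed upload size.';
        return $file;
    }

    // Core inspects the real file content and compares it with the declared
    // name; ext/type come back empty when they disagree or are not allowed.
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], UPLOAD_ALLOWLIST );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        $file['error'] = 'File type is not permitted on this site.';
        return $file;
    }

    // Refuse scriptable extensions anywhere in the name (e.g. a double
    // extension), regardless of what the content check concluded.
    if ( preg_match( '/\.(php\d?|phtml|phar|html?|js|svg)(\.|$)/i', $file['name'] ) ) {
        $file['error'] = 'Executable or scriptable file names are not permitted.';
    }
    return $file;
}, PHP_INT_MAX );
```

These hooks only cover uploads that pass through WordPress's media upload API. A plugin that writes files to disk on its own bypasses them, so treat this as a defence-in-depth layer alongside the WAF rules and directory monitoring, not as a substitute for updating the plugin once the fixed version is available.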
Update the AI Engine: ChatGPT Chatbot plugin to the latest available version. This resolves the unauthenticated arbitrary file upload vulnerability.
CVE-2023-51409 is a critical vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot allowing attackers to upload any file type, potentially leading to code execution and system compromise. It affects versions up to 1.9.98.
If you are using Jordy Meow AI Engine: ChatGPT Chatbot version 1.9.98 or earlier, you are potentially affected by this vulnerability. Check your plugin version immediately.
Upgrade to the latest version of the Jordy Meow AI Engine: ChatGPT Chatbot plugin as soon as a patch is released. Until then, implement temporary workarounds like file type restrictions and WAF rules.
While active exploitation is not yet confirmed, the CRITICAL severity and public disclosure suggest a high likelihood of exploitation. Monitor security advisories and threat intelligence.
Refer to the Jordy Meow website and WordPress plugin repository for official advisories and updates regarding CVE-2023-51409.