PT-2021-24058 · Unknown · Chain Sea Ai Chatbot System
Published: 2021-12-20 · Updated: 2021-12-27 · CVE-2021-44164
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Chain Sea ai chatbot system (affected versions not specified)
Description:
The file upload function in the Chain Sea ai chatbot system insufficiently filters special characters in URLs. This allows a remote, unauthenticated attacker to bypass file type validation, upload malicious scripts, and execute arbitrary code. Such an attack could be used to take control of the system or terminate the service.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Unrestricted File Upload
Affected Products
Chain Sea Ai Chatbot System