
CVE-2024-27564

MEDIUM
Published 2024-03-05T00:00:00.000Z

CVSS Score

V3.1: 5.8/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Base Score Metrics
Exploitability: N/A
Impact: N/A

EPSS Score

v2025.03.14: 0.918 probability of exploitation in the wild

There is a 91.8% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.997
Higher than 99.7% of all CVEs

Attack Vector Metrics

Attack Vector: Not Available
Attack Complexity: Not Available
Privileges Required: Not Available
User Interaction: Not Available
Scope: Not Available

Impact Metrics

Confidentiality: Not Available
Integrity: Not Available
Availability: Not Available

Description

pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SSRF via the url parameter. NOTE: the references section has an archived copy of pictureproxy.php from its original GitHub location, but the repository name might later change because it is misleading.

Available Exploits

ChatGPT个人专用版 - Server Side Request Forgery

A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter.

ID: CVE-2024-27564
Author: DhiyaneshDK High

Related News

Hackers Are Using ChatGPT Bug to Access Sensitive Data

According to a blog post by researchers from the cybersecurity company Veriti, a critical vulnerability in ChatGPT could be used by cybercrooks to gain unauthorized access to sensitive information. The flaw, CVE-2024-27564, could pose a risk to businesses tha…

Biztoc.com 2025-03-20 23:27
Hackers Are Using ChatGPT Bug to Access Sensitive Data

According to a blog post by researchers from the cybersecurity company Veriti, a critical vulnerability in ChatGPT could be used by cybercrooks to gain unauthorized access to sensitive information. The flaw, CVE-2024-27564, could pose a risk to businesses tha…

pymnts.com 2025-03-20 22:31
ChatGPT SSRF bug quickly becomes a favorite attack vector

Threat actors exploit a server-side request forgery (SSRF) flaw, tracked as CVE-2024-27564, in ChatGPT, to target US financial and government organizations. Cybersecurity firm Veriti reports that threat actors are exploiting a server-side request forgery (SSR…

Securityaffairs.com 2025-03-18 15:17
CVE-2024-27564: Attackers Exploit OpenAI Vulnerability in the Wild

A newly disclosed server-side request forgery (SSRF) vulnerability, tracked as CVE-2024-27564, has become a significant target for cybercriminals,

SecurityOnline.info 2025-03-18 07:35
Hackers Exploit ChatGPT with CVE-2024-27564, 10,000+ Attacks in a Week

In its latest research report, cybersecurity firm Veriti has spotted active exploitation of a vulnerability within OpenAI’s ChatGPT…

HackRead 2025-03-17 21:26

Affected Products

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-xm2p-hxq8-xj3q

Advisory Details

A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter.

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Advisory provided by GitHub Security Advisory Database. Published: March 5, 2024, Modified: March 20, 2025

References

Published: 2024-03-05T00:00:00.000Z
Last Modified: 2025-03-20T14:28:44.751Z