Published: 05/03/2024 Updated: 20/03/2025

SSRF Vulnerability via Crafted URL Injection in ChatGPT Pictureproxy

A Server-Side Request Forgery (SSRF) vulnerability exists in ChatGPT commit f9f4bbc through the pictureproxy.php file. Attackers can exploit this by injecting crafted URLs into the url parameter, forcing the application to make arbitrary requests.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dirk1983 chatgpt f9f4bbc
dirk1983 mm1.ltd source code
dirk1983 chatgpt 2023-05-23

Check Point Reference: CPAI-2024-0873 Date Published: 14 Oct 2024 Severity: Medium ...

CVE-2024-27564

CWE-918 CWE-918 https://nvd.nist.gov https://github.com/Quantum-Hacker/CVE-2024-27564 https://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2024-0873.html https://www.first.org/epss https://github.com/dirk1983/chatgpt/issues/114 https://web.archive.org/save/https://github.com/dirk1983/chatgpt/blob/f9f4bbc99eed7210b291ec116bd57b3d8276bee5/README.md https://web.archive.org/save/https://github.com/dirk1983/chatgpt/issues/114 https://web.archive.org/web/20250320031248/https://mm1.ltd/https://web.archive.org/web/20250320032559/https://github.com/dirk1983/chatgpt/blob/f9f4bbc99eed7210b291ec116bd57b3d8276bee5/pictureproxy.php https://github.com/dirk1983/chatgpt/issues/114

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2024-27564

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect