CVE-2024-10819

Exploit

EPSS 0.07%
Veröffentlicht 20.03.2025 10:10:26
Zuletzt bearbeitet 14.07.2025 15:05:59
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

A Cross-Site Request Forgery (CSRF) vulnerability in version 3.83 of binary-husky/gpt_academic allows an attacker to trick a user into uploading files without their consent, exploiting their session. This can lead to unauthorized file uploads and potential system compromise. The uploaded file can contain malicious scripts, leading to stored Cross-Site Scripting (XSS) attacks. Through stored XSS, an attacker can steal information about the victim and perform any action on their behalf.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Binary-husky ≫ Gpt Academic Version3.83

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.213

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
security@huntr.dev	7.1	2.8	4.2	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://huntr.com/bounties/45270c4b-a500-4374-a90b-37b604a3ace0

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-10819

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-10819

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-10819

EUVD