Insufficient Filtering in Chain Sea AI Chatbot System's File Upload Function Allows Remote Code Execution

Insufficient Filtering in Chain Sea AI Chatbot System's File Upload Function Allows Remote Code Execution

CVE-2021-44164 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Chain Sea ai chatbot system’s file upload function has insufficient filtering for special characters in URLs, which allows a remote attacker to by-pass file type validation, upload malicious script and execute arbitrary code without authentication, in order to take control of the system or terminate service.

Learn more about our Web Application Penetration Testing UK.