CVE-2024-10812 Scanner
CVE-2024-10812 Scanner - Open Redirect vulnerability in GPT Academic
Short Info
Level
Medium
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
23 days 12 hours
Scan only one
URL
Toolbox
-
GPT Academic is a platform designed to provide AI-driven academic tools and support. It is used by educators, students, and researchers to simplify various academic tasks, such as research, content generation, and language translation. The software's flexibility and robust AI capabilities have made it a popular choice in the education sector. The platform supports multiple integrations and is commonly used in academic institutions worldwide to improve productivity and learning experiences.
The vulnerability identified in GPT Academic v1.3.9 is an Open Redirect flaw. This type of vulnerability allows attackers to manipulate URL parameters to redirect users to malicious websites. If exploited, this vulnerability can lead to phishing attacks, as users may unknowingly visit attacker-controlled domains that appear legitimate. It is crucial to address such vulnerabilities to prevent potential exploitation and maintain user trust in the platform.
This vulnerability resides in the "file" parameter within the "/file=" endpoint. When a crafted request is made to this endpoint, the application improperly validates the redirection URL, enabling attackers to direct users to external malicious domains. The lack of proper input sanitization and validation in this parameter increases the risk of exploitation. This issue can be triggered using crafted URLs containing references to malicious websites.
Exploitation of this vulnerability could lead to several potential impacts, including phishing attacks, unauthorized access, and data theft. Users redirected to malicious domains may be tricked into revealing sensitive information or downloading harmful software. Such exploitation can also damage the reputation of GPT Academic and reduce user confidence in the platform’s security.
REFERENCES