Soumettre #793554: zhayujie chatgpt-on-wechat (CowAgent) 2.0.4 Unauthenticated Administrative API Accessinformation

Titrezhayujie chatgpt-on-wechat (CowAgent) 2.0.4 Unauthenticated Administrative API Access
DescriptionThe chatgpt-on-wechat Web Console exposes all administrative HTTP endpoints without any form of authentication or authorization. The HTTP server default, making all endpoints accessible to any client on the network or internet. An unauthenticated attacker can read and modify application configuration (including API keys), connect/disconnect messaging channels, upload arbitrary files, read application logs, and access memory content.
La source⚠️ https://github.com/zhayujie/chatgpt-on-wechat/issues/2733
Utilisateur
 Yu_Bao (UID 89348)
Soumission31/03/2026 12:14 (il y a 3 mois)
Modérer11/04/2026 22:22 (11 days later)
StatutAccepté
Entrée VulDB356990 [zhayujie chatgpt-on-wechat CowAgent 2.0.4 Administrative HTTP Endpoint authentification faible]
Points19

Do you want to use VulDB in your project?

Use the official API to access entries easily!