Vulnerability CVE-2024-4841


Published: 2024-06-23

Description:
A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerability, an attacker can predict the folders, subfolders, and files present on the victim's computer. The vulnerability is present in the way the application handles the 'path' parameter in HTTP requests to the '/add_reference_to_local_model' endpoint.

Type:

CWE-29

(Path Traversal: '\..\filename')

 References:
https://huntr.com/bounties/740dda3e-7104-4ccf-9ac4-8870e4d6d602

Copyright 2024, cxsecurity.com

 

Back to Top