CVE-2024-4841
Path Traversal in parisneo/lollms-webui
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerability, an attacker can predict the folders, subfolders, and files present on the victim's computer. The vulnerability is present in the way the application handles the 'path' parameter in HTTP requests to the '/add_reference_to_local_model' endpoint.
Existe una vulnerabilidad de Path Traversal en parisneo/lollms-webui, específicamente dentro de la función 'add_reference_to_local_mode' debido a la falta de sanitización de entrada. Esta vulnerabilidad afecta a las versiones v9.6 hasta la última. Al explotar esta vulnerabilidad, un atacante puede predecir las carpetas, subcarpetas y archivos presentes en la computadora de la víctima. La vulnerabilidad está presente en la forma en que la aplicación maneja el parámetro 'ruta' en las solicitudes HTTP al endpoint '/add_reference_to_local_model'.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-05-13 CVE Reserved
- 2024-06-23 CVE Published
- 2024-08-01 CVE Updated
- 2025-02-09 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-29: Path Traversal: '\..\filename'
CAPEC
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Parisneo Search vendor "Parisneo" | Lollms-webui Search vendor "Parisneo" for product "Lollms-webui" | * | - |
Affected
| ||||||