The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary files on the server by exploiting various endpoints. The vulnerability can be exploited even when the service is bound to localhost, through cross-site requests facilitated by malicious HTML/JS pages.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: @huntr_ai
Published: 2024-04-10T17:08:01.043Z
Updated: 2024-08-01T18:40:21.305Z
Reserved: 2024-02-14T20:51:16.717Z
Link: CVE-2024-1511
Vulnrichment
Updated: 2024-08-01T18:40:21.305Z
NVD
Status : Awaiting Analysis
Published: 2024-04-10T17:15:51.670
Modified: 2024-04-10T19:49:51.183
Link: CVE-2024-1511
Redhat
No data.