Lucene search

CVE-2024-3435

🗓️ 16 May 2024 09:14:15Reported by @huntr_aiType

cve🔗 web.nvd.nist.gov👁 44 Views🌐 WEB

A path traversal vulnerability in 'save_settings' endpoint of parisneo/lollms-webui allows RCE via crafted JSON payloads

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 6
Vulnrichment	CVE-2024-3435 Path Traversal in parisneo/lollms-webui	16 May 202409:03	–	vulnrichment
RedhatCVE	CVE-2024-3435	5 Feb 202510:16	–	redhatcve
OSV	CVE-2024-3435	16 May 202409:15	–	osv
Cvelist	CVE-2024-3435 Path Traversal in parisneo/lollms-webui	16 May 202409:03	–	cvelist
GithubExploit	Exploit for CVE-2024-3435	20 May 202402:17	–	githubexploit
NVD	CVE-2024-3435	16 May 202409:15	–	nvd

Vulners

Vulnrichment

Node

parisneo parisneo/lollms-webuiMatch9.5

[
  {
    "vendor": "parisneo",
    "product": "parisneo/lollms-webui",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "9.5",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
huntr	www.huntr.com/bounties/494f349a-8650-4d30-a0bd-4742fda44ce5
github	www.github.com/parisneo/lollms-webui/commit/bb99b59e710d00c4f2598faa5e183fa30fbd3bc2

Parameter	Position	Path	Description	CWE
config	request body	/save_settings	Path traversal vulnerability in 'save_settings' due to insufficient sanitization of 'config' parameter allowing remote code execution.	CWE-29

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

16 May 2024 09:15Current

7.6High risk

Vulners AI Score7.6

CVSS38.4

EPSS0.00065

SSVC

CWE-29