Lucene search

@huntr_aiCVELIST:CVE-2024-4498

HistoryJun 25, 2024 - 7:55 p.m.

CVE-2024-4498 Path Traversal and RFI Vulnerability in parisneo/lollms-webui

2024-06-2519:55:42

CWE-22

@huntr_ai

www.cve.org

path traversal

rfi vulnerability

parisneo/lollms-webui

input validation

remote code execution

7.7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

10.6%

JSON

A Path Traversal and Remote File Inclusion (RFI) vulnerability exists in the parisneo/lollms-webui application, affecting versions v9.7 to the latest. The vulnerability arises from insufficient input validation in the /apply_settings function, allowing an attacker to manipulate the discussion_db_name parameter to traverse the file system and include arbitrary files. This issue is compounded by the bypass of input filtering in the install_binding, reinstall_binding, and unInstall_binding endpoints, despite the presence of a sanitize_path_from_endpoint(data.name) filter. Successful exploitation enables an attacker to upload and execute malicious code on the victim’s system, leading to Remote Code Execution (RCE).

CNA Affected

[
  {
    "vendor": "parisneo",
    "product": "parisneo/lollms-webui",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "latest"
      }
    ]
  }
]

References

huntr.com/bounties/9238e88a-a6ca-4915-9b5d-6cdb4148d3f4

7.7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

10.6%

JSON

Related for CVELIST:CVE-2024-4498