CVE-2024-2360
parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code execution due to insufficient sanitization of user-supplied input in the 'Database path' and 'PDF LaTeX path' settings. An attacker can exploit this vulnerability by manipulating these settings to execute...
CVE-2024-6281
A path traversal vulnerability exists in the apply_settings function of parisneo/lollms versions prior to 9.5.1. The sanitize_path function does not adequately secure the discussion_db_name parameter, allowing attackers to manipulate the path and potentially write to important system folders...
PT-2024-37509 · Parisneo · Lollms
Name of the Vulnerable Software and Affected Versions: parisneo/lollms versions prior to 9.5.1
Description: A path traversal issue exists in the apply settings function. The sanitize path function does not adequately secure the discussion db name parameter, allowing attackers to manipulate the pa...
CVE-2024-4498
A Path Traversal and Remote File Inclusion (RFI) vulnerability exists in the parisneo/lollms-webui application, affecting versions v9.7 to the latest. The vulnerability arises from insufficient input validation in the /apply_settings function, allowing an attacker to manipulate the discussion_db_name...
LoLLMs Path Traversal Vulnerability
LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A path traversal vulnerability exists in LoLLMs versions prior to 9.7, which stems from insufficient input validation in the /apply_settings function, allowing an attacker to traverse the file...