4 matches found
PYSEC-2026-403 parisneo/lollms Local File Inclusion (LFI) attack
parisneo/lollms version 9.5 is vulnerable to Local File Inclusion LFI attacks due to insufficient path sanitization. The sanitizepathfromendpoint function fails to properly sanitize Windows-style paths backward slash , allowing attackers to perform directory traversal attacks on Windows systems...
CVE-2024-1600 Local File Inclusion in parisneo/lollms-webui
A Local File Inclusion LFI vulnerability exists in the parisneo/lollms-webui application, specifically within the /personalities route. An attacker can exploit this vulnerability by crafting a URL that includes directory traversal sequences ../../ followed by the desired system file path, URL...
CVE-2024-1600 Local File Inclusion in parisneo/lollms-webui
A Local File Inclusion LFI vulnerability exists in the parisneo/lollms-webui application, specifically within the /personalities route. An attacker can exploit this vulnerability by crafting a URL that includes directory traversal sequences ../../ followed by the desired system file path, URL...
PT-2024-18161 · Unknown · Parisneo/Lollms-Webui
Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui affected versions not specified Description: A Local File Inclusion LFI vulnerability exists in the parisneo/lollms-webui application, specifically within the /personalities route. An attacker can exploit this...