Lucene search
K

4 matches found

OSV
OSV
added 3 days ago5 views

PYSEC-2026-403 parisneo/lollms Local File Inclusion (LFI) attack

parisneo/lollms version 9.5 is vulnerable to Local File Inclusion LFI attacks due to insufficient path sanitization. The sanitizepathfromendpoint function fails to properly sanitize Windows-style paths backward slash , allowing attackers to perform directory traversal attacks on Windows systems...

9.1CVSS7.3AI score0.01024EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/04/10 5:7 p.m.14 views

CVE-2024-1600 Local File Inclusion in parisneo/lollms-webui

A Local File Inclusion LFI vulnerability exists in the parisneo/lollms-webui application, specifically within the /personalities route. An attacker can exploit this vulnerability by crafting a URL that includes directory traversal sequences ../../ followed by the desired system file path, URL...

9.3CVSS9.3AI score0.31087EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/04/10 5:7 p.m.9 views

CVE-2024-1600 Local File Inclusion in parisneo/lollms-webui

A Local File Inclusion LFI vulnerability exists in the parisneo/lollms-webui application, specifically within the /personalities route. An attacker can exploit this vulnerability by crafting a URL that includes directory traversal sequences ../../ followed by the desired system file path, URL...

9.3CVSS6.8AI score0.31087EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/04/10 12:0 a.m.7 views

PT-2024-18161 · Unknown · Parisneo/Lollms-Webui

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui affected versions not specified Description: A Local File Inclusion LFI vulnerability exists in the parisneo/lollms-webui application, specifically within the /personalities route. An attacker can exploit this...

9.3CVSS9.2AI score0.31087EPSS
Exploits1References7
Rows per page
Query Builder