4 matches found
CVE-2024-0549
mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing unauthorized attackers with a default role account to delete files and folders within the filesystem, including critical database files such as 'anythingllm.db'. The vulnerability stems from insufficient input...
CVE-2024-0549 Relative Path Traversal in mintplex-labs/anything-llm
mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing unauthorized attackers with a default role account to delete files and folders within the filesystem, including critical database files such as 'anythingllm.db'. The vulnerability stems from insufficient input...
CVE-2024-0549 Relative Path Traversal in mintplex-labs/anything-llm
mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing unauthorized attackers with a default role account to delete files and folders within the filesystem, including critical database files such as 'anythingllm.db'. The vulnerability stems from insufficient input...
CVE-2024-0549
The CVE-2024-0549 entry concerns mintplex-labs/anything-llm and describes a relative path traversal in deletion requests. The root cause is insufficient input validation/normalization when handling file and folder deletion, allowing an authenticated default-role attacker to delete files (includin...