2 matches found
CVE-2024-2178
A path traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'copytocustompersonas' endpoint in the 'lollmspersonalitiesinfos.py' file. This vulnerability allows attackers to read arbitrary files by manipulating the 'category' and 'name' parameters during the 'Copy ...
CVE-2024-2178
CVE-2024-2178 affects parisneo/lollms-webui. The path traversal exists in the copy_to_custom_personas endpoint (lollms_personalities_infos.py), allowing crafted values in category and name (e.g., ../ sequences) to read files outside the intended directory. This results in unauthorized access to s...