Lucene search
+L

4 matches found

nvd
nvd
added 2024/06/06 7:15 p.m.25 views

CVE-2024-2624

A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the @router.get"/switchpersonalpath" endpoint in ./lollms-webui/lollmscore/lollms/server/endpoints/lollmsuser.py. The vulnerability arises due to insufficient sanitization...

9.8CVSS0.01346EPSS
Exploits1References2
cvelist
cvelist
added 2024/06/06 6:11 p.m.32 views

CVE-2024-2624 Path Traversal and Arbitrary File Upload Vulnerability in parisneo/lollms-webui

A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the @router.get"/switchpersonalpath" endpoint in ./lollms-webui/lollmscore/lollms/server/endpoints/lollmsuser.py. The vulnerability arises due to insufficient sanitization...

9.4CVSS0.01346EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2024/06/06 6:11 p.m.23 views

CVE-2024-2624 Path Traversal and Arbitrary File Upload Vulnerability in parisneo/lollms-webui

A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the @router.get"/switchpersonalpath" endpoint in ./lollms-webui/lollmscore/lollms/server/endpoints/lollmsuser.py. The vulnerability arises due to insufficient sanitization...

9.4CVSS7.5AI score0.01346EPSS
Exploits1References2
cve
cve
added 2024/06/06 6:11 p.m.88 views

CVE-2024-2624

The connected Red Hat, NVD, OSV, and CVE records confirm a path traversal and arbitrary file upload vulnerability in parisneo/lollms-webui, affecting versions prior to 9.4 and exploitable via the /switch_personal_path endpoint in lollms_user.py. Root cause: insufficient sanitization of the path p...

9.8CVSS9.5AI score0.01346EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder