4 matches found
Path Traversal
parisneo/lollms is vulnerable to Path Traversal. The vulnerability is due to the sanitize_path function within the file lollms_configuration_infos.py, which allows attackers to manipulate the discussion_db_name parameter and potentially write to important system directories...
GHSA-8MRM-R7H3-C3HJ LoLLMS vulnerable to Expected Behavior Violation
A path traversal vulnerability exists in the apply_settings function of parisneo/lollms versions prior to 9.5.1. The sanitize_path function does not adequately secure the discussion_db_name parameter, allowing attackers to manipulate the path and potentially write to important system folders...
LoLLMS vulnerable to Expected Behavior Violation
A path traversal vulnerability exists in the apply_settings function of parisneo/lollms versions prior to 9.5.1. The sanitize_path function does not adequately secure the discussion_db_name parameter, allowing attackers to manipulate the path and potentially write to important system folders...
CVE-2024-6281
A path traversal vulnerability exists in the apply_settings function of parisneo/lollms versions prior to 9.5.1. The sanitize_path function does not adequately secure the discussion_db_name parameter, allowing attackers to manipulate the path and potentially write to important system folders...