CVE-2024-1873
CVE-2024-1873 affects parisneo/lollms-webui (version a9d16b0) via an exposed /select_database endpoint that mishandles file paths when interacting with the DiscussionsDB, enabling path traversal and potential denial of service. Attackers can specify absolute paths to create directories anywhere t...
CVE-2024-1873 Path Traversal and Denial of Service in parisneo/lollms-webui
parisneo/lollms-webui is vulnerable to path traversal and denial of service attacks due to an exposed /select_database endpoint in version a9d16b0. The endpoint improperly handles file paths, allowing attackers to specify absolute paths when interacting with the DiscussionsDB instance. This flaw...
PT-2024-18381 · Parisneo · Lollms-Webui
Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui version a9d16b0
Description: The issue is related to an exposed /select_database endpoint that improperly handles file paths, allowing attackers to specify absolute paths when interacting with the DiscussionsDB instance...