3 matches found
VulnCheck KEV: CVE-2024-6250
An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the openfile endpoint of lollmsadvanced.py. The sanitizepath function with allowabsolutepath=True allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can...
CVE-2024-6250
Summary (fact-grounded): CVE-2024-6250 affects parisneo/lollms-webui version 9.6. The vulnerability is an absolute path traversal in the open_file endpoint of lollms_advanced.py, where the sanitize_path function with allow_absolute_path=True enables reading arbitrary files and listing directories...
PT-2024-37482
Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui version 9.6 Description: An absolute path traversal issue exists, specifically in the "open file" endpoint of "lollms advanced.py". The sanitize path function with allow absolute path=True allows an attacker to access...