CVE-2024-4315

parisneo/lollms version 9.5 is vulnerable to Local File Inclusion LFI attacks due to insufficient path sanitization. The sanitizepathfromendpoint function fails to properly sanitize Windows-style paths backward slash \, allowing attackers to perform directory traversal attacks on Windows systems...