CVE-2024-3028
mintplex-labs/anything-llm is vulnerable to improper input validation, allowing attackers to read and delete arbitrary files on the server. By manipulating the 'logofilename' parameter in the 'system-preferences' API endpoint, an attacker can construct requests to read sensitive files or the...