Lucene search

Veracode Vulnerability DatabaseVERACODE:47708

HistoryJun 24, 2024 - 7:23 a.m.

Path Traversal

2024-06-2407:23:06

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

lollms

path traversal

input sanitization

remote code execution

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

lollms is vulnerable to Path Traversal. The vulnerability is due to inadequate input sanitization of the data.category and data.folder parameters, allowing attackers to navigate beyond the intended directory structure. The attacker can create a config.yaml file in a controllable path, which can be appended to the extensions list, triggering the execution of init.py and leading to remote code execution.

CPENameOperatorVersion
lollmsle9.5.0
lollmsle9.5.0

CPE	Name	Operator	Version
	lollms	le	9.5.0
	lollms	le	9.5.0

References

github.com/ParisNeo/lollms/commit/2d0c4e76be93195836ecd0948027e791b8a2626f

huntr.com/bounties/db52848a-4dbe-4110-a981-03739834bf45

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VERACODE:47708