CVE-2024-1511

Exploit

EPSS 0.42%
Veröffentlicht 10.04.2024 17:15:51
Zuletzt bearbeitet 09.07.2025 14:08:00
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary files on the server by exploiting various endpoints. The vulnerability can be exploited even when the service is bound to localhost, through cross-site requests facilitated by malicious HTML/JS pages.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Lollms ≫ Lollms Web Ui Version9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.42%	0.609

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@huntr.dev	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://huntr.com/bounties/62b77589-772d-4d6e-aef4-2aec4cfe5f8b

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-1511

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-1511

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-1511

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-1511