CVE-2024-1511

Name of the Vulnerable Software and Affected Versions parisneo/lollms-webui (affected versions not specified)

Description The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary files on the server by exploiting various endpoints. The vulnerability can be exploited even when the service is bound to localhost, through cross-site requests facilitated by malicious HTML/JS pages.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.