PT-2024-19052 · Unknown · Parisneo/Lollms-Webui

Published 2024-06-02 · Updated 2024-06-03 · CVE-2024-2178

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

parisneo/lollms-webui (affected versions not specified)

Description

A path traversal issue exists, specifically within the "copy to custom personas" endpoint in the "lollms personalities infos.py" file. This issue allows attackers to read arbitrary files by manipulating the category and name parameters during the "Copy to custom personas folder for editing" process. By inserting '../' sequences in these parameters, attackers can traverse the directory structure and access files outside of the intended directory. Successful exploitation results in unauthorized access to sensitive information.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this issue.
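
One way to validate the category and name parameters before a source path is built from them, shown as an added example that is not lollms-webui code. The function names, the `personalities` base folder and the sample inputs are assumptions constructed for illustration.

```python
from pathlib import Path
import tempfile


class UnsafePathError(ValueError):
    """Raised when request parameters would resolve outside the base folder."""


def naive_persona_dir(base: Path, category: str, name: str) -> Path:
    # Pattern the description warns about: parameters joined without checks.
    return base / category / name


def safe_persona_dir(base: Path, category: str, name: str) -> Path:
    """Resolve base/category/name and refuse anything outside base."""
    for part in (category, name):
        # Each parameter must be one plain path component, not a path.
        if (not part or part in (".", "..") or "/" in part
                or "\\" in part or "\x00" in part):
            raise UnsafePathError(f"invalid path component: {part!r}")
    root = base.resolve()
    candidate = (root / category / name).resolve()
    # Containment check after resolution also catches symlinks that
    # point outside the base folder. Requires Python 3.9+.
    if not candidate.is_relative_to(root):
        raise UnsafePathError("resolved path escapes the base folder")
    return candidate


def demo() -> dict:
    """Run both helpers over constructed inputs in a temporary folder."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "personalities"  # hypothetical base folder
        (base / "generic" / "assistant").mkdir(parents=True)
        results = {"ok": safe_persona_dir(base, "generic", "assistant").name}
        escaped = naive_persona_dir(base, "..", "..").resolve()
        results["naive_escapes"] = not escaped.is_relative_to(base.resolve())
        samples = [("..", ".."), ("generic", "../../x"),
                   ("/abs", "assistant"), ("generic", "")]
        for category, name in samples:
            try:
                safe_persona_dir(base, category, name)
                results[(category, name)] = "accepted"
            except UnsafePathError:
                results[(category, name)] = "rejected"
        return results
```
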

Fix


Weakness Enumeration

Related Identifiers

CVE-2024-2178

Affected Products

Parisneo/Lollms-Webui