PT-2024-37509 · Parisneo · Lollms

Published 2024-07-20 · Updated 2024-07-22 · CVE-2024-6281

CVSS v3.1: 7.3 (High)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Name of the Vulnerable Software and Affected Versions: parisneo/lollms versions prior to 9.5.1
Description: A path traversal vulnerability exists in the apply settings function. The sanitize path function does not adequately validate the discussion db name parameter, so an attacker who controls that value can manipulate the resulting file path and potentially write to sensitive system directories.
Recommendations: For versions prior to 9.5.1, update to version 9.5.1 or later, which resolves the issue. As a temporary workaround, consider disabling the apply settings function until the update can be applied, and restrict access to the discussion db name parameter to minimize the risk of exploitation.
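The description above boils down to a user-controlled name being joined onto a data directory without a containment check. The following is an added illustration, not lollms's own code: the data directory, name policy and function names are assumptions, and it contrasts a trusting join with a hardened mapping that allowlists the name and then verifies the resolved path still lies under the data directory.

```python
import os
import re
from pathlib import Path

# Hypothetical name policy; the advisory does not show lollms's real
# sanitizer, so this allowlist is an assumption used for illustration.
DB_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


class UnsafeDbName(ValueError):
    """Raised when a user-supplied db name would escape the data directory."""


def unchecked_db_path(base_dir: str, db_name: str) -> str:
    """What a settings handler does if it trusts the name: join and go.

    With db_name = "../../etc/target" the result lies outside base_dir,
    which is the class of bug the advisory describes.
    """
    return os.path.normpath(os.path.join(base_dir, db_name + ".db"))


def checked_db_path(base_dir: str, db_name: str) -> Path:
    """Hardened mapping from an untrusted db name to a file under base_dir.

    Two independent layers: an allowlist on the name (no separators, dots
    or NULs can get in at all), then a containment check on the resolved
    path, which also rejects a symlink that points outside the data dir.
    """
    if not DB_NAME_RE.fullmatch(db_name):
        raise UnsafeDbName(f"name violates allowlist: {db_name!r}")
    base = Path(base_dir).resolve()
    candidate = (base / f"{db_name}.db").resolve()  # resolve() follows symlinks
    try:
        candidate.relative_to(base)
    except ValueError:
        raise UnsafeDbName(f"resolved path escapes data dir: {db_name!r}") from None
    return candidate


def is_inside(base_dir: str, path: str) -> bool:
    """Containment test usable on either mapping's output."""
    try:
        Path(path).resolve().relative_to(Path(base_dir).resolve())
        return True
    except ValueError:
        return False


def is_safe_db_name(base_dir: str, db_name: str) -> bool:
    """True when checked_db_path() accepts the name, False when it rejects it."""
    try:
        checked_db_path(base_dir, db_name)
        return True
    except UnsafeDbName:
        return False
```

The allowlist alone blocks traversal strings; the containment check is defence in depth for cases the lexical test cannot see, such as a symlink already present in the data directory.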

Weakness Enumeration: Path traversal

Related Identifiers: CVE-2024-6281, GHSA-8MRM-R7H3-C3HJ

Affected Products: Lollms