Vulnerability Details CVE-2024-4841
A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerability, an attacker can predict the folders, subfolders, and files present on the victim's computer. The vulnerability is present in the way the application handles the 'path' parameter in HTTP requests to the '/add_reference_to_local_model' endpoint.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.6%
CVSS Severity
CVSS v3 Score 4.0
References
Products affected by CVE-2024-4841
-
cpe:2.3:a:parisneo:lollms-webui:9.6