CVE-2024-10047

CVSS v3 Score: 5.3 (Medium)

Vulnerability Description

parisneo/lollms-webui versions v9.9 to the latest contain a directory listing vulnerability. An attacker can list arbitrary directories on a Windows system by sending a specially crafted HTTP request to the /open_file endpoint.

CVSS: 5.3 (Medium)

Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2.

CWE-36 2023
CVSS: 5.3 (Medium)

An attacker could potentially exploit this vulnerability, leading to files being read from the Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to read files f...

CWE-36 2023
CVSS: 5.3 (Medium)

A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been classified as problematic. This affects the function openfile of the file /adminapi/system/file/openfile. The manipulation leads to ...

CWE-36 2024
CVSS: 5.3 (Medium)

In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure is possible by a local threat actor through an absolute path vulnerability.

CWE-36 2024
CVSS: 5.5 (Medium)

A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input v...

CWE-36 2021
CVSS: 5.0 (Medium)

libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive.

CWE-36 2024