CVE-2024-4841

MEDIUM Year: 2024
CVSS v3 Score
4.0
Medium
Weakness Type
CWE-29
View all →

Vulnerability Description

A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerability, an attacker can predict the folders, subfolders, and files present on the victim's computer. The vulnerability is present in the way the application handles the 'path' parameter in HTTP requests to the '/add_reference_to_local_model' endpoint.

Related Vulnerabilities

CVE-2023-1034

MEDIUM
CVSS:4.3(Medium)

Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9.

CWE-292023

CVE-2023-6977

CRITICAL
CVSS:10.0(Critical)

This vulnerability enables malicious users to read sensitive files on the server.

CWE-292023

CVE-2024-2083

CRITICAL
CVSS:9.9(Critical)

A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI pat...

CWE-292024

CVE-2023-1177

CRITICAL
CVSS:9.8(Critical)

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.

CWE-292023

CVE-2023-2780

CRITICAL
CVSS:9.8(Critical)

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.

CWE-292023

CVE-2023-6975

CRITICAL
CVSS:9.8(Critical)

A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information.

CWE-292023