CVE-2024-5824

HIGH Year: 2024
CVSS v3 Score
7.4
High
Weakness Type
CWE-22
View all →

Vulnerability Description

A path traversal vulnerability in the `/set_personality_config` endpoint of parisneo/lollms version 9.4.0 allows an attacker to overwrite the `configs/config.yaml` file. This can lead to remote code execution by changing server configuration properties such as `force_accept_remote_access` and `turn_on_code_validation`.

Related Vulnerabilities

CVE-2016-2087

HIGH
CVSS:7.4(High)

Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name.

CWE-222016

CVE-2019-5624

HIGH
CVSS:7.4(High)

Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. Exploiting this...

CWE-222019

CVE-2019-8320

HIGH
CVSS:7.4(High)

A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files (which now include path-checking code for symlinks), it would dele...

CWE-222019

CVE-2021-20218

HIGH
CVSS:7.4(High)

A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to ext...

CWE-222021

CVE-2023-2316

HIGH
CVSS:7.4(High)

Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/<absolute-path>". This vul...

CWE-222023

CVE-2024-29180

HIGH
CVSS:7.4(High)

Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. It is ...

CWE-222024