CVE-2024-1511

Source
https://cve.org/CVERecord?id=CVE-2024-1511
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-1511.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-1511
Published
2024-04-10T17:08:01.043Z
Modified
2026-07-08T07:47:11.988475335Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Path Traversal Vulnerability in parisneo/lollms-webui
Details

The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary files on the server by exploiting various endpoints. The vulnerability can be exploited even when the service is bound to localhost, through cross-site requests facilitated by malicious HTML/JS pages.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/1xxx/CVE-2024-1511.json",
    "cna_assigner": "@huntr_ai",
    "cwe_ids": [
        "CWE-22"
    ]
}
References

Affected packages

Git / github.com/parisneo/lollms-webui

Affected ranges

Type
GIT
Repo
https://github.com/parisneo/lollms-webui
Events
Database specific
{
    "source": "CPE_STRING",
    "cpe": "cpe:2.3:a:lollms:lollms_web_ui:9.0:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "9.0"
        },
        {
            "last_affected": "9.0"
        }
    ]
}

Affected versions

9.*
9.0
v9.*
v9.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-1511.json"