CVE-2024-1511

Source
https://cve.org/CVERecord?id=CVE-2024-1511
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-1511.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-1511
Published
2024-04-10T17:15:51.670Z
Modified
2026-04-10T05:07:48.849404Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary files on the server by exploiting various endpoints. The vulnerability can be exploited even when the service is bound to localhost, through cross-site requests facilitated by malicious HTML/JS pages.

Affected packages

Git / github.com/parisneo/lollms-webui

Affected ranges

Type
GIT
Repo
https://github.com/parisneo/lollms-webui
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0"
        }
    ]
}

Affected versions

v0.*
v0.0.1
v0.0.2
v0.0.3
v0.0.5
v0.0.6
v0.0.7
v0.0.8
v0.0.9
v3.*
v3.0
v3.5
v4.*
v4.0
v5.*
v5.0
v6.*
v6.0
v6.5
v6.5.0
v6.5rc2
v6.7
v7.*
v7.0
v8.*
v8.5
v9.*
v9.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-1511.json"