Directory Listing Vulnerability in Parisneo Lollms-WebUI
CVE-2024-10047
5.3 MEDIUM
Summary
Lollms-WebUI by Parisneo has a vulnerability in the /open_file endpoint that allows attackers to list arbitrary directories on Windows systems through specially crafted HTTP requests. This poses significant security risks, because unauthorized access to directory contents can lead to further exploitation. It is critical for users of Lollms-WebUI versions v9.9 and above to implement the necessary mitigations to safeguard against potential attacks.
Affected Version(s)
parisneo/lollms-webui <= unspecified
CVSS V3.0
Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved