Path Traversal Vulnerability in Parisneo's Lollms Product
CVE-2024-9597
7.1HIGH
Summary
A Path Traversal vulnerability exists within the /wipe_database endpoint of Parisneo's Lollms version v12. This security issue allows attackers to delete any directory on the system due to inadequate validation of the key parameter, which is used to construct file paths. By exploiting this vulnerability, an attacker can issue a specially crafted HTTP request to delete arbitrary directories, potentially leading to significant data loss or system compromise.
Affected Version(s)
parisneo/lollms <= unspecified
References
CVSS V3.0
Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved