Skip to content

A path traversal and arbitrary file upload vulnerability...

Critical severity Unreviewed Published Jun 6, 2024 to the GitHub Advisory Database • Updated Jun 6, 2024

Package

No package listedSuggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the @router.get("/switch_personal_path") endpoint in ./lollms-webui/lollms_core/lollms/server/endpoints/lollms_user.py. The vulnerability arises due to insufficient sanitization of user-supplied input for the path parameter, allowing an attacker to specify arbitrary file system paths. This flaw enables direct arbitrary file uploads, leakage of personal_data, and overwriting of configurations in lollms-webui->configs by exploiting the same named directory in personal_data. The issue affects the latest version of the application and is fixed in version 9.4. Successful exploitation could lead to sensitive information disclosure, unauthorized file uploads, and potentially remote code execution by overwriting critical configuration files.

References

Published by the National Vulnerability Database Jun 6, 2024
Published to the GitHub Advisory Database Jun 6, 2024
Last updated Jun 6, 2024

Severity

Critical
9.4
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
High
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Weaknesses

CVE ID

CVE-2024-2624

GHSA ID

GHSA-5p62-ppjr-4c45

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.

Learn more about GitHub language support

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.