TROYANOSYVIRUS
Retour aux CVEs

CVE-2024-2624

CRITICAL
9.8

Description

A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the `@router.get("/switch_personal_path")` endpoint in `./lollms-webui/lollms_core/lollms/server/endpoints/lollms_user.py`. The vulnerability arises due to insufficient sanitization of user-supplied input for the `path` parameter, allowing an attacker to specify arbitrary file system paths. This flaw enables direct arbitrary file uploads, leakage of `personal_data`, and overwriting of configurations in `lollms-webui`->`configs` by exploiting the same named directory in `personal_data`. The issue affects the latest version of the application and is fixed in version 9.4. Successful exploitation could lead to sensitive information disclosure, unauthorized file uploads, and potentially remote code execution by overwriting critical configuration files.

Details CVE

Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie6/6/2024
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0

Produits affectes

lollms:lollms_web_ui

Faiblesses (CWE)

CWE-29CWE-22

References

https://github.com/parisneo/lollms-webui/commit/aeba79f3ea934331b8ecd625a58bae6e4f7e7d3f(security@huntr.dev)
https://huntr.com/bounties/39e17897-0e92-4473-91c7-f728322191aa(security@huntr.dev)
https://github.com/parisneo/lollms-webui/commit/aeba79f3ea934331b8ecd625a58bae6e4f7e7d3f(af854a3a-2127-422b-91ae-364da2661108)
https://huntr.com/bounties/39e17897-0e92-4473-91c7-f728322191aa(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.