Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2024-6985

A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. This vulnerability allows an attacker to read any folder in the personality_folder on the victim's computer, even though sanitize_path is set. The issue arises due to improper sanitization of the personality_folder parameter, which can be exploited to traverse directories and access arbitrary files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 27.5%
CVSS Severity
CVSS v3 Score 4.4
Products affected by CVE-2024-6985
  • Lollms » Lollms » Version: N/A
    cpe:2.3:a:lollms:lollms:-
  • Lollms » Lollms » Version: 1.0.0
    cpe:2.3:a:lollms:lollms:1.0.0
  • Lollms » Lollms » Version: 1.0.1
    cpe:2.3:a:lollms:lollms:1.0.1
  • Lollms » Lollms » Version: 2.0.0
    cpe:2.3:a:lollms:lollms:2.0.0


Contact Us

Shodan ® - All rights reserved