A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the `@router.get("/switch_personal_path")` endpoint in `./lollms-webui/lollms_core/lollms/server/endpoints/lollms_user.py`. The vulnerability arises due to insufficient sanitization of user-supplied input for the `path` parameter, allowing an attacker to specify arbitrary file system paths. This flaw enables direct arbitrary file uploads, leakage of `personal_data`, and overwriting of configurations in `lollms-webui`->`configs` by exploiting the same named directory in `personal_data`. The issue affects the latest version of the application and is fixed in version 9.4. Successful exploitation could lead to sensitive information disclosure, unauthorized file uploads, and potentially remote code execution by overwriting critical configuration files.
History

Tue, 15 Oct 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Lollms
Lollms lollms Web Ui
Weaknesses CWE-22
CPEs cpe:2.3:a:lollms:lollms_web_ui:*:*:*:*:*:*:*:*
Vendors & Products Lollms
Lollms lollms Web Ui
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-06-06T18:11:44.254Z

Updated: 2024-08-01T19:18:48.117Z

Reserved: 2024-03-18T23:26:31.471Z

Link: CVE-2024-2624

cve-icon Vulnrichment

Updated: 2024-08-01T19:18:48.117Z

cve-icon NVD

Status : Modified

Published: 2024-06-06T19:15:55.437

Modified: 2024-11-21T09:10:09.430

Link: CVE-2024-2624

cve-icon Redhat

No data.