How severe is CVE-2024-1600?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.3 out of 10.

What type of vulnerability is CVE-2024-1600?

This is classified as CWE-98, which is a common weakness in software security.

CVE-2024-1600

CRITICAL Year: 2024

CVSS v3 Score

9.3

Critical

Weakness Type

CWE-98

View all →

Vulnerability Description

A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the `/personalities` route. An attacker can exploit this vulnerability by crafting a URL that includes directory traversal sequences (`../../`) followed by the desired system file path, URL encoded. Successful exploitation allows the attacker to read any file on the filesystem accessible by the web server. This issue arises due to improper control of filename for include/require statement in the application.

CVE-2024-4315

CRITICAL

CVSS:9.1(Critical)

parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The `sanitize_path_from_endpoint` function fails to properly sanitize Windows-sty...

CWE-982024

CVE-2024-43261

CRITICAL

CVSS:9.6(Critical)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hamed Naderfar Compute Links allows PHP Remote File Inclusion.This issue affect...

CWE-982024

CVE-2025-26909

CRITICAL

CVSS:9.6(Critical)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Darrel Hide My WP Ghost allows PHP Local File Inclusion.This issue affects...

CWE-982025

CVE-2025-26916

CRITICAL

CVSS:9.0(Critical)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in EPC Massive Dynamic. This issue affects Massive Dynamic: from n/a through 8.2.

CWE-982025

CVE-2014-9186

CRITICAL

CVSS:9.8(Critical)

A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file ...

CWE-982014

CVE-2022-40089

CRITICAL

CVSS:9.8(Critical)

A remote file inclusion (RFI) vulnerability in Simple College Website v1.0 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploitable when the directive allow...

CWE-982022

CVE-2024-1600

Vulnerability Description

Related Vulnerabilities

CVE-2024-4315

CVE-2024-43261

CVE-2025-26909

CVE-2025-26916

CVE-2014-9186

CVE-2022-40089