How severe is CVE-2024-2362?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2024-2362?

This is classified as CWE-36, which is a common weakness in software security.

CVE-2024-2362 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation of file paths between Windows and Linux environments, an attacker can exploit this vulnerability to delete any file on the system. The issue arises from the lack of adequate sanitization of user-supplied input in the 'del_preset' endpoint, where the application fails to prevent the use of absolute paths or directory traversal sequences ('..'). As a result, an attacker can send a specially crafted request to the 'del_preset' endpoint to delete files outside of the intended directory.

Related Vulnerabilities

CVE-2024-10831

CRITICAL

CVSS:9.1(Critical)

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations ...

CWE-362024

CVE-2024-47883

CRITICAL

CVSS:9.1(Critical)

The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the `java.net.URL` class to refer to (what are expected to be) local resourc...

CWE-362024

CVE-2022-20958

HIGH

CVSS:8.8(High)

A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack o...

CWE-362022

CVE-2023-40597

HIGH

CVSS:8.8(High)

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.

CWE-362023

CVE-2023-5022

HIGH

CVSS:8.8(High)

A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /include/dialog/select_templets_post.php. The...

CWE-362023

CVE-2024-21323

HIGH

CVSS:8.8(High)

Microsoft Defender for IoT Remote Code Execution Vulnerability

CWE-362024