CVE-2024-4330

MEDIUM Year: 2024
CVSS v3 Score
4.0
Medium
Weakness Type
CWE-23
View all →

Vulnerability Description

A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'list_personalities' endpoint. By crafting a malicious HTTP request, an attacker can traverse the directory structure and view the contents of any folder, albeit limited to subfolder names only. This issue was demonstrated via a specific HTTP request that manipulated the 'category' parameter to access arbitrary directories. The vulnerability is present in the code located at the 'endpoints/lollms_advanced.py' file.

Related Vulnerabilities

CVE-2020-5284

MEDIUM
CVSS:4.3(Medium)

Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the ...

CWE-232020

CVE-2022-20862

MEDIUM
CVSS:4.3(Medium)

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could al...

CWE-232022

CVE-2022-22245

MEDIUM
CVSS:4.3(Medium)

A Path Traversal vulnerability in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to upload arbitrary files to the device by bypassing validation checks built into Ju...

CWE-232022

CVE-2022-30299

MEDIUM
CVSS:4.3(Medium)

A path traversal vulnerability [CWE-23] in the API of FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions may allow an authentica...

CWE-232022

CVE-2023-1043

MEDIUM
CVSS:4.3(Medium)

A vulnerability was found in MuYuCMS 2.2. It has been classified as problematic. Affected is an unknown function of the file /editor/index.php. The manipulation of the argument dir_path leads to relat...

CWE-232023

CVE-2024-12482

MEDIUM
CVSS:4.3(Medium)

A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been rated as problematic. Affected by this issue is the function backup of the file wetech-cms-master\wetech-basic-common\src\main\jav...

CWE-232024