CVE-2024-10047 Information

Description

parisneo/lollms-webui versions v9.9 to the latest are vulnerable to a directory listing vulnerability. An attacker can list arbitrary directories on a Windows system by sending a specially crafted HTTP request to the /open_file endpoint.

Reference

https://huntr.com/bounties/69c3a27c-bd93-4aff-a46b-56798f28a3ce