CVE-2024-4841 Information

Description

A Path Traversal vulnerability exists in the parisneo/lollms-webui specifically within the ‘add_reference_to_local_mode’ function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerability an attacker can predict the folders subfolders and files present on the victim’s computer. The vulnerability is present in the way the application handles the ‘path’ parameter in HTTP requests to the ‘/add_reference_to_local_model’ endpoint.

Reference

https://huntr.com/bounties/740dda3e-7104-4ccf-9ac4-8870e4d6d602