CVE-2024-9597 Information

Description

A Path Traversal vulnerability exists in the /wipe_database endpoint of parisneo/lollms version v12 allowing an attacker to delete any directory on the system. The vulnerability arises from improper validation of the key parameter which is used to construct file paths. An attacker can exploit this by sending a specially crafted HTTP request to delete arbitrary directories.

Reference

https://huntr.com/bounties/1f6c8908-d486-4141-be55-25bd29933d8b