CVE-2024-4315

Published: 2024-06-12T01:15Z
Last Modified: 2024-11-21T09:42Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The `sanitize_path_from_endpoint` function fails to properly sanitize Windows-style paths (backward slash `\`), allowing attackers to perform directory traversal attacks on Windows systems. This vulnerability can be exploited through various routes, including `personalities` and `/del_preset`, to read or delete any file on the Windows filesystem, compromising the system's availability.

> MITRE Terms of Use apply – see LICENSE‑MITRE.txt
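The class of check the description calls for, as an added example (not code from lollms or from this record): a validator that treats both `\` and `/` as separators before joining a client-supplied path onto a base directory. All function names here are hypothetical, and `naive_is_safe` is a constructed stand-in for a `/`-only check, not the project's `sanitize_path_from_endpoint`.

```python
import os
from pathlib import PureWindowsPath


class UnsafePath(ValueError):
    """Raised when a client-supplied path could leave the base directory."""


def naive_is_safe(user_path: str) -> bool:
    # Constructed stand-in for a '/'-only check; NOT the lollms function.
    return not user_path.startswith("/") and ".." not in user_path.split("/")


def safe_relative_path(user_path: str) -> str:
    """Return the path with '/' separators, or raise UnsafePath."""
    if not user_path or "\x00" in user_path:
        raise UnsafePath("empty path or NUL byte")
    # PureWindowsPath splits on both '\\' and '/' on every platform.
    win = PureWindowsPath(user_path)
    # Drive letters (C:), UNC shares (\\host\share) and rooted paths (\x, /x).
    if win.drive or win.root:
        raise UnsafePath("absolute path")
    parts = win.parts
    if not parts or any(p == ".." or ":" in p for p in parts):
        raise UnsafePath("traversal or stream syntax")
    return "/".join(parts)


def resolve_under(base_dir: str, user_path: str) -> str:
    """Join onto base_dir and confirm the result is still inside it."""
    rel = safe_relative_path(user_path)
    base = os.path.realpath(base_dir)
    full = os.path.realpath(os.path.join(base, *rel.split("/")))
    if os.path.commonpath([base, full]) != base:
        raise UnsafePath("escapes base directory")
    return full


def is_rejected(user_path: str) -> bool:
    try:
        safe_relative_path(user_path)
    except UnsafePath:
        return True
    return False


if __name__ == "__main__":  # constructed sample inputs below
    for p in ["presets/a.yaml", "..\\..\\secret.txt", "sub\\..\\..\\x", "C:\\x"]:
        print(f"{p!r}: naive_ok={naive_is_safe(p)} rejected={is_rejected(p)}")
```

The `/`-only check accepts the backslash form because it never sees a `..` component, while the separator-aware check rejects it on any host OS.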