THREATINT
PUBLISHED

CVE-2024-8898

Path Traversal in parisneo/lollms-webui



Description

A path traversal vulnerability exists in the `install` and `uninstall` API endpoints of parisneo/lollms-webui version V12 (Strawberry). This vulnerability allows attackers to create or delete directories with arbitrary paths on the system. The issue arises due to insufficient sanitization of user-supplied input, which can be exploited to traverse directories outside the intended path.

Reserved 2024-09-16 | Published 2025-03-20 | Updated 2025-03-20 | Assigner @huntr_ai


MEDIUM: 6.7 | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Any version before V12: affected

References

huntr.com/bounties/6072371f-0ddc-42e3-9207-1c6d6b18d32f

github.com/...ommit/6d07c8a0dd0a15cc060becc73fda9fe8e788eb23

cve.org (CVE-2024-8898)

nvd.nist.gov (CVE-2024-8898)
