CVE-2024-1511

The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary files on the server by exploiting various endpoints. The vulnerability can be exploited even when the service is bound to localhost, through cross-site requests facilitated by malicious HTML/JS pages.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://huntr.com/bounties/62b77589-772d-4d6e-aef4-2aec4cfe5f8b	Exploit Third Party Advisory
https://huntr.com/bounties/62b77589-772d-4d6e-aef4-2aec4cfe5f8b	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:lollms:lollms_web_ui:9.0:*:*:*:*:*:*:*

History

09 Jul 2025, 14:08

Type	Values Removed	Values Added
CPE		cpe:2.3:a:lollms:lollms_web_ui:9.0:::::::*
References	~~() https://huntr.com/bounties/62b77589-772d-4d6e-aef4-2aec4cfe5f8b -~~	() https://huntr.com/bounties/62b77589-772d-4d6e-aef4-2aec4cfe5f8b - Exploit, Third Party Advisory
First Time		Lollms lollms Web Ui Lollms

Information

Published : 2024-04-10 17:15

Updated : 2025-07-09 14:08

NVD link : CVE-2024-1511

Mitre link : CVE-2024-1511

CVE.ORG link : CVE-2024-1511

JSON object : View

Products Affected

lollms

lollms_web_ui

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2024-1511", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-04-10T17:15:51.670", "references": [{"url": "https://huntr.com/bounties/62b77589-772d-4d6e-aef4-2aec4cfe5f8b", "tags": ["Exploit", "Third Party Advisory"], "source": "security@huntr.dev"}, {"url": "https://huntr.com/bounties/62b77589-772d-4d6e-aef4-2aec4cfe5f8b", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary files on the server by exploiting various endpoints. The vulnerability can be exploited even when the service is bound to localhost, through cross-site requests facilitated by malicious HTML/JS pages."}, {"lang": "es", "value": "El repositorio parisneo/lollms-webui es susceptible a una vulnerabilidad de path traversal debido a una validaci\u00f3n inadecuada de las rutas de archivo proporcionadas por el usuario. Esta falla permite que un atacante no autenticado lea, escriba y, en ciertas configuraciones, ejecute archivos arbitrarios en el servidor mediante la explotaci\u00f3n de varios endpoints. La vulnerabilidad puede explotarse incluso cuando el servicio est\u00e1 vinculado a localhost, a trav\u00e9s de solicitudes entre sitios facilitadas por p\u00e1ginas HTML/JS maliciosas."}], "lastModified": "2025-07-09T14:08:00.500", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lollms:lollms_web_ui:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2399B0FB-25C6-49CD-B523-0839533EAC2D"}], "operator": "OR"}]}], "sourceIdentifier": "security@huntr.dev"}