CVE-2024-6250

An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the `open_file` endpoint of `lollms_advanced.py`. The `sanitize_path` function with `allow_absolute_path=True` allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can be exploited to read any file and list arbitrary directories on the affected system.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://huntr.com/bounties/11a8bf9d-16f3-49b3-b5fc-ad36d8993c73	Exploit Third Party Advisory Issue Tracking
https://huntr.com/bounties/11a8bf9d-16f3-49b3-b5fc-ad36d8993c73	Exploit Third Party Advisory Issue Tracking

Configurations

Configuration 1 (hide)

cpe:2.3:a:lollms:lollms_web_ui:9.6:*:*:*:*:*:*:*

History

09 Jul 2025, 14:23

Type	Values Removed	Values Added
References	~~() https://huntr.com/bounties/11a8bf9d-16f3-49b3-b5fc-ad36d8993c73 -~~	() https://huntr.com/bounties/11a8bf9d-16f3-49b3-b5fc-ad36d8993c73 - Exploit, Third Party Advisory, Issue Tracking
First Time		Lollms lollms Web Ui Lollms
CPE		cpe:2.3:a:lollms:lollms_web_ui:9.6:::::::*

Information

Published : 2024-06-27 19:15

Updated : 2025-07-09 14:23

NVD link : CVE-2024-6250

Mitre link : CVE-2024-6250

CVE.ORG link : CVE-2024-6250

JSON object : View

Products Affected

lollms

lollms_web_ui

CWE

CWE-36

Absolute Path Traversal

{"id": "CVE-2024-6250", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-06-27T19:15:20.280", "references": [{"url": "https://huntr.com/bounties/11a8bf9d-16f3-49b3-b5fc-ad36d8993c73", "tags": ["Exploit", "Third Party Advisory", "Issue Tracking"], "source": "security@huntr.dev"}, {"url": "https://huntr.com/bounties/11a8bf9d-16f3-49b3-b5fc-ad36d8993c73", "tags": ["Exploit", "Third Party Advisory", "Issue Tracking"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-36"}]}], "descriptions": [{"lang": "en", "value": "An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the `open_file` endpoint of `lollms_advanced.py`. The `sanitize_path` function with `allow_absolute_path=True` allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can be exploited to read any file and list arbitrary directories on the affected system."}, {"lang": "es", "value": "Existe una vulnerabilidad de path traversal absoluta en parisneo/lollms-webui v9.6, espec\u00edficamente en el endpoint `open_file` de `lollms_advanced.py`. La funci\u00f3n `sanitize_path` con `allow_absolute_path=True` permite a un atacante acceder a archivos y directorios arbitrarios en un sistema Windows. Esta vulnerabilidad se puede aprovechar para leer cualquier archivo y enumerar directorios arbitrarios en el sistema afectado."}], "lastModified": "2025-07-09T14:23:34.807", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lollms:lollms_web_ui:9.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E1D9151-8F98-4B92-B63D-E911ED3AD347"}], "operator": "OR"}]}], "sourceIdentifier": "security@huntr.dev"}