CVE-2024-4315

parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The `sanitize_path_from_endpoint` function fails to properly sanitize Windows-style paths (backward slash `\`), allowing attackers to perform directory traversal attacks on Windows systems. This vulnerability can be exploited through various routes, including `personalities` and `/del_preset`, to read or delete any file on the Windows filesystem, compromising the system's availability.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/parisneo/lollms/commit/95ad36eeffc6a6be3e3f35ed35a384d768f0ecf6
https://huntr.com/bounties/8a1b0197-2c36-4276-b92b-630a2a9bb09c

Configurations

No configuration.

History

13 Jun 2024, 18:36

Type	Values Removed	Values Added
Summary		(es) parisneo/lollms versión 9.5 es vulnerable a ataques de inclusión de archivos locales (LFI) debido a una sanitización insuficiente de la ruta. La función `sanitize_path_from_endpoint` no sanitiza adecuadamente las rutas de estilo Windows (barra invertida `\`), lo que permite a los atacantes realizar ataques de directory traversal en sistemas Windows. Esta vulnerabilidad se puede explotar a través de varias rutas, incluidas `personalities` y `/del_preset`, para leer o eliminar cualquier archivo en el sistema de archivos de Windows, comprometiendo la disponibilidad del sistema.

12 Jun 2024, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-12 01:15

Updated : 2024-06-13 18:36

NVD link : CVE-2024-4315

Mitre link : CVE-2024-4315

CVE.ORG link : CVE-2024-4315

JSON object : View

Products Affected

No product.

CWE

CWE-98

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

9.1 /10