A path traversal vulnerability exists in the `apply_settings` function of parisneo/lollms versions prior to 9.5.1. The `sanitize_path` function does not adequately secure the `discussion_db_name` parameter, allowing attackers to manipulate the path and potentially write to important system folders.
References
Configurations
No configuration.
History
22 Jul 2024, 13:00
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
20 Jul 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-20 04:15
Updated : 2024-07-22 13:00
NVD link : CVE-2024-6281
Mitre link : CVE-2024-6281
CVE.ORG link : CVE-2024-6281
JSON object : View
Products Affected
No product.
CWE
CWE-440
Expected Behavior Violation