Description

A path traversal vulnerability exists in the `install` and `uninstall` API endpoints of parisneo/lollms-webui version V12 (Strawberry). This vulnerability allows attackers to create or delete directories with arbitrary paths on the system. The issue arises due to insufficient sanitization of user-supplied input, which can be exploited to traverse directories outside the intended path.

INFO

Published Date :

2025-03-20T10:10:58.125Z

Last Modified :

2025-03-20T16:20:06.356Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-8898 vulnerability.

Vendors Products
Lollms
  • Lollms Web Ui
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-8898.

URL Resource
https://github.com/parisneo/lollms-webui/commit/6d07c8a0dd0a15cc060becc73fda9fe8e788eb23 cve-icon cve-icon
https://huntr.com/bounties/6072371f-0ddc-42e3-9207-1c6d6b18d32f cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact