CVE-2024-2361 | parisneo lollms-webui binding.py install_model path traversal

Inserito da Angelo Barbosa | Mag 16, 2024 | CVE

A vulnerability, which was classified as very critical, was found in parisneo lollms-webui. This affects the function install_model of the file lollms_core/lollms/binding.py. The manipulation leads to path traversal: ‘..filename’.

This vulnerability is uniquely identified as CVE-2024-2361. It is possible to initiate the attack remotely. There is no exploit available.

CVE-2024-2361 | parisneo lollms-webui binding.py install_model path traversal

Post correlati

CVE-2024-3027 | Smart Slider Plugin up to 3.5.1.22 on WordPress File Upload authorization

CVE-2024-28338 | Totolink A8000RU 7.1cu.643_B20200521 improper authentication

CVE-2024-26652 | Linux Kernel up to 6.6.21/6.7.9 pds_core auxiliary_device_add double free (995f802abff2/ffda0e962f27/ba18deddd6d5)

CVE-2024-4820 | SourceCodester Online Computer and Laptop Store 1.0 SystemSettings.php unrestricted upload