CVE-2024-6985 | parisneo lollms-webui up to 5.8.x open_personality_folder path traversal

Inserito da Angelo Barbosa | Ott 11, 2024 | CVE

A vulnerability was found in parisneo lollms-webui up to 5.8.x. It has been declared as problematic. This vulnerability affects the function open_personality_folder. The manipulation of the argument personality_folder leads to relative path traversal.

This vulnerability was named CVE-2024-6985. An attack has to be approached locally. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-6985 | parisneo lollms-webui up to 5.8.x open_personality_folder path traversal

Post correlati

CVE-2024-44064 | LikeBtn Like Button Rating Plugin up to 2.6.54 on WordPress cross-site request forgery

CVE-2023-4628 | LadiApp Plugin up to 4.4 on WordPress ladiflow_save_hook cross-site request forgery

CVE-2024-4351 | Tutor LMS Pro Plugin up to 2.7.0 on WordPress authorization

CVE-2022-48784 | Linux Kernel up to 5.15.24/5.16.10 cfg80211_destroy_ifaces iteration (241e633cb379/c979f792a2ba/f0a6fd152706)