A vulnerability was found in parisneo lollms up to 9.7. It has been declared as critical. Affected by this vulnerability is the function
sanitize_path_from_endpoint
. The manipulation leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).
This vulnerability is known as CVE-2024-4315. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.