CVE-2024-4315 | parisneo lollms up to 9.7 sanitize_path_from_endpoint filename control

Inserito da Angelo Barbosa | Giu 12, 2024 | CVE

A vulnerability was found in parisneo lollms up to 9.7. It has been declared as critical. Affected by this vulnerability is the function sanitize_path_from_endpoint. The manipulation leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is known as CVE-2024-4315. The attack can be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-4315 | parisneo lollms up to 9.7 sanitize_path_from_endpoint filename control

Post correlati

CVE-2024-43227 | WPDeveloper BetterDocs Plugin up to 3.5.8 on WordPress cross site scripting

CVE-2024-23224 | Apple macOS up to 13.6.3/14.2 information disclosure

CVE-2024-5356 | anji-plus AJ-Report up to 1.4.1 testTransform;swagger-ui dynSentence sql injection

CVE-2024-27989 | I Thirteen Web Solution WP Responsive Tabs Horizontal Vertical and Accordion Tabs Plugin cross site scripting