A vulnerability was found in parisneo lollms-webui up to 9.6. It has been rated as problematic. Affected by this issue is the function
add_reference_to_local_mode
of the file /add_reference_to_local_model of the component HTTP Request Handler. The manipulation of the argument path leads to path traversal: ‘..filename’.
This vulnerability is handled as CVE-2024-4841. An attack has to be approached locally. There is no exploit available.