Critical Severity

lollms

Windows Path Traversal

A vulnerability in the lollms application allows attackers to perform directory traversal attacks on Windows systems due to improper sanitization of Windows-style paths. The issue affects version 9.5 and was patched in version 9.8.

Available publicly on Jun 12 2024

9.1

CVE:

CVE-2024-4315

CWE:

98:Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

CVSS:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Credit:

0xanis
AssessDetect

Premium

Remediate
Remediation Steps
  • Update to lollms version 9.8 or later.
  • Ensure that all path sanitization functions properly handle Windows-style paths (backslashes).
  • Regularly audit and test security measures to prevent directory traversal and other types of attacks.
  • Consider implementing additional layers of security, such as firewalls and intrusion detection systems, to mitigate the risk of exploitation.
Patch Details
  • Fixed Version: 9.8
  • Patch Commit: https://github.com/ParisNeo/lollms/commit/95ad36eeffc6a6be3e3f35ed35a384d768f0ecf6
Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have 291 related security advisories that are available with Sightline Premium.

Sightline logo
About Protect AIPrivacy PolicyTerms of Service
© 2024 Protect AI, Inc.
Slack iconLinkedIn iconYoutube iconX icon