Path Traversal Vulnerability
A path traversal vulnerability was identified in the parisneo/lollms web application, specifically within its path sanitization functions, allowing arbitrary file reading when the application is run on Windows. This issue affects versions prior to 9.6; version 9.6 contains the patch.
Available publicly on May 20 2024 | Available with Premium on May 15 2024
Threat Overview
The vulnerability arises from inadequate path sanitization in the sanitize_path_from_endpoint and sanitize_path functions within lollms_core\lollms\security.py. These functions are intended to prevent path traversal attacks but can be bypassed on Windows systems. By exploiting this vulnerability, an attacker can gain unauthorized access to sensitive files on the server, leading to information disclosure and potentially causing a denial of service by overloading the server with requests to access large or resource-intensive files.
Attack Scenario
An attacker targets the endpoint /images/{path:path} by crafting a malicious request with a payload such as /images//D:/POC/secret.txt. This request bypasses the path sanitization checks and allows the attacker to read arbitrary files outside the intended directory. For instance, the attacker could access sensitive configuration files, user data, or system files, depending on the server's file system permissions.
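The threat overview and attack scenario above both come down to one defensive requirement: a path taken from a URL must never resolve outside the directory the endpoint serves, regardless of the host OS. The following is an added example written for this advisory, not the lollms project's own sanitize_path or sanitize_path_from_endpoint code. It assumes a hypothetical safe_join helper and a constructed base directory (/srv/images); the sample inputs, including the payload shape quoted above, are constructed here to show that the check rejects Windows drive letters, doubled leading slashes, backslash separators and parent-directory segments on any platform.

```python
import os
from pathlib import PureWindowsPath
from typing import Optional

# Added example for this advisory; not the project's own sanitizer.
# safe_join is a hypothetical helper name; BASE_DIR is a constructed value.
BASE_DIR = "/srv/images"


def safe_join(base_dir: str, user_path: str) -> Optional[str]:
    """Return an absolute path inside base_dir, or None if the request escapes it.

    Every check is platform-independent on purpose: Windows-only constructs
    (drive letters, UNC prefixes, backslashes) are rejected even when the
    code runs on Linux, and POSIX-style absolute paths are rejected on Windows.
    """
    # Empty paths and embedded NUL bytes are never legitimate file names.
    if not user_path or "\x00" in user_path:
        return None

    # Treat backslashes as separators so "a\..\b" cannot slip past a
    # forward-slash-only check when the server runs on Windows.
    normalized = user_path.replace("\\", "/")

    # Reject anything rooted: a leading "/" covers both "/etc/passwd" and the
    # "//D:/..." shape; PureWindowsPath.drive covers "D:/..." and "D:file".
    if normalized.startswith("/") or PureWindowsPath(normalized).drive:
        return None

    # Split into segments and refuse ".." outright rather than trying to
    # collapse it; "." and empty segments (from "//") are simply dropped.
    parts = [p for p in normalized.split("/") if p not in ("", ".")]
    if not parts or any(p == ".." for p in parts):
        return None

    # Belt and braces: resolve symlinks and confirm the final location is
    # still inside base_dir. commonpath raises ValueError on Windows when
    # the two paths are on different drives, which is also a rejection.
    base_real = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base_real, *parts))
    try:
        if os.path.commonpath([base_real, candidate]) != base_real:
            return None
    except ValueError:
        return None
    return candidate


def classify(user_path: str, base_dir: str = BASE_DIR) -> str:
    """Label a request path as 'allowed' or 'rejected' for logging or alerting."""
    return "allowed" if safe_join(base_dir, user_path) is not None else "rejected"


if __name__ == "__main__":
    # Constructed sample requests; the second mirrors the payload shape above.
    samples = [
        "cats/kitten.png",
        "/D:/POC/secret.txt",
        "D:/POC/secret.txt",
        "..\\..\\config.yaml",
        "sub/../../etc/passwd",
    ]
    for s in samples:
        print(f"{s!r:30} -> {classify(s)}")
```

The key design choice is to reject rather than normalize: a sanitizer that tries to strip or collapse traversal sequences has to anticipate every encoding and separator variant, whereas a deny-list of structural properties (rooted, drive-qualified, containing "..") plus a final realpath containment check fails closed when a new variant appears.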
Who is affected
Any installations of the parisneo/lollms web application running on Windows systems and using a version prior to 9.6 are vulnerable. This includes web servers hosting the application and potentially users whose sensitive information could be exposed through this vulnerability.
Technical Report