Critical

lollms

Path Traversal Vulnerability

A path traversal vulnerability was identified in the parisneo/lollms web application, within its path sanitization functions, allowing arbitrary file reading when the application runs on Windows. It affects versions prior to 9.6; version 9.6 contains the patch.

Available publicly on May 20, 2024

CVSS score: 9.8

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Credit: trongphuc12

Threat Overview

The vulnerability arises from inadequate path sanitization in the sanitize_path_from_endpoint and sanitize_path functions in lollms_core\lollms\security.py. These functions are meant to block path traversal, but on Windows they can be bypassed. An attacker who exploits this can read sensitive files on the server, leading to information disclosure and, potentially, a denial of service from repeated requests for large or resource-intensive files.

Attack Scenario

An attacker targets the endpoint /images/{path:path}, a catch-all path parameter that accepts slashes, with a request such as /images//D:/POC/secret.txt. The payload contains no '..' segments; it carries an absolute Windows drive path, which the sanitization checks do not reject, so the server reads a file outside the intended images directory. Depending on the permissions of the account running lollms, the attacker can retrieve configuration files, user data or system files.
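To show why a drive-letter payload slips past a filter written with only '..' in mind, here is an added Python example, written for this page and not lollms' own sanitize_path or sanitize_path_from_endpoint (whose internals the advisory does not reproduce). It models a naive filter beside a hardened resolver. The serving root C:\lollms\images, the function names and the sample payloads are constructed for illustration; PureWindowsPath supplies Windows path semantics on any host. The example goes slightly beyond the page's payload: it also feeds the toy filter a backslash-only traversal and a UNC-style prefix, two inputs the same class of forward-slash-only check misses.

```python
"""Toy model of a Windows-unaware path filter next to a hardened resolver.

Hypothetical example code written for this page; it is not lollms'
sanitize_path or sanitize_path_from_endpoint. The serving root, function
names and sample payloads are constructed. PureWindowsPath gives Windows
path semantics on any host, so the demonstration runs offline anywhere.
"""
from pathlib import PureWindowsPath

# Constructed serving root standing in for the directory behind
# /images/{path:path}; not a real lollms path.
IMAGES_ROOT = PureWindowsPath(r"C:\lollms\images")


def naive_sanitize(user_path: str) -> str:
    """Filter that only rejects a '..' segment between forward slashes and
    strips leading slashes. It ignores drive letters, backslashes and UNC
    prefixes, so a Windows host can be traversed with no '..' in the request."""
    if ".." in user_path.split("/"):
        raise ValueError("path traversal rejected")
    return user_path.lstrip("/")


def naive_resolve(user_path: str) -> str:
    """Join the 'sanitized' value onto the root. With Windows semantics,
    joining a drive-qualified path such as D:/POC/secret.txt replaces the
    root instead of descending from it."""
    return str(IMAGES_ROOT / naive_sanitize(user_path))


def safe_resolve(user_path: str) -> str:
    """Parse the request as a Windows path and refuse anything that is
    absolute, drive- or UNC-qualified, empty, contains '..' or an NTFS
    alternate-data-stream colon; then re-check containment after joining."""
    candidate = PureWindowsPath(user_path)
    if candidate.drive or candidate.root:
        raise ValueError("absolute, drive or UNC path rejected")
    if not candidate.parts:
        raise ValueError("empty path rejected")
    for part in candidate.parts:
        if part == ".." or ":" in part:
            raise ValueError(f"forbidden component {part!r}")
    joined = IMAGES_ROOT / candidate
    # Defence in depth: the joined path must still start with the root.
    if joined.parts[: len(IMAGES_ROOT.parts)] != IMAGES_ROOT.parts:
        raise ValueError("resolved outside the serving root")
    return str(joined)


def is_rejected(user_path: str) -> bool:
    """True when safe_resolve refuses the request."""
    try:
        safe_resolve(user_path)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # The advisory's payload as the handler behind /images/{path:path} would
    # receive it, plus two constructed variants the naive filter also misses.
    for payload in ("/D:/POC/secret.txt", "//D:/POC/secret.txt", r"..\..\Windows\win.ini"):
        print(f"{payload!r:32} naive -> {naive_resolve(payload)}")
        outcome = "rejected" if is_rejected(payload) else safe_resolve(payload)
        print(f"{'':32} safe  -> {outcome}")
    print("albums/cat.png -> ", safe_resolve("albums/cat.png"))
```

The naive resolver returns D:\POC\secret.txt for the advisory's payload because, under Windows path rules, joining a drive-qualified path onto a root discards the root. The hardened version rejects on drive, root and component content before joining, and treats the post-join prefix comparison only as a second line of defence, never as the primary check.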

Who is affected

Any installation of the parisneo/lollms web application running on Windows with a version prior to 9.6 is vulnerable. This covers the hosts serving the application and the users whose sensitive data those hosts store. Upgrading to 9.6 or later applies the fix.
