High

lollms

Path Traversal Vulnerability in Settings

A path traversal vulnerability was identified in the settings function of the affected lollms version, allowing an attacker to manipulate the discussion database path. The issue was patched in version 9.5.1.

Available publicly on Jul 20 2024

CVSS: 7.3 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H)

Threat Overview

The vulnerability arises from improper sanitization of user input in the settings function, specifically the 'discussion_db_name' parameter. Because the value is used to build a filesystem path without validation or canonicalisation, an attacker can traverse out of the intended database directory and potentially write to critical system folders. The missing path validation leaves the system susceptible to unauthorized file access and modification.

Attack Scenario

An attacker could exploit this vulnerability by sending a crafted HTTP request to the '/apply_settings' endpoint with a malicious 'discussion_db_name' value. This would let the attacker redirect the database path to a location of their choosing, potentially overwriting important system files or gaining unauthorized access to sensitive data.
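As an added illustration (not lollms' own code and not the 9.5.1 fix), the unvalidated path join the advisory describes beside a hardened version that allowlists the name and independently re-checks the resolved path; the storage root is an assumed value, since the page does not state the project's layout:

```python
import re
from pathlib import Path

# Assumed storage root for this example; the advisory does not name lollms' real directory.
DB_ROOT = Path("/var/lib/lollms/databases")

# Allowlist for a bare file name: no separators, and no leading dot, so "." and ".." cannot pass.
_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,63}")


def unsafe_db_path(name: str, root: Path = DB_ROOT) -> Path:
    """The flawed pattern the advisory describes: the user-supplied name is joined
    onto the root with no validation, so '../' segments walk out of `root`."""
    return (root / name).resolve()


def is_inside(path: Path, root: Path) -> bool:
    """True if the resolved `path` is `root` itself or one of its descendants."""
    try:
        path.resolve().relative_to(root.resolve())
        return True
    except ValueError:
        return False


def safe_db_path(name: str, root: Path = DB_ROOT) -> Path:
    """Hardened version: reject anything that is not a plain file name, then
    confirm the canonical path still lies under `root` (defence in depth)."""
    if not _NAME_RE.fullmatch(name):
        raise ValueError(f"invalid discussion_db_name: {name!r}")
    if not name.endswith(".db"):
        name += ".db"
    candidate = (root / name).resolve()   # collapses any residual '..' segments
    if not is_inside(candidate, root):    # cannot fire after the allowlist, kept as a second check
        raise ValueError(f"{name!r} escapes {root}")
    return candidate


def accepts(name: str, root: Path = DB_ROOT) -> bool:
    """Convenience wrapper: True if `name` passes the hardened validation."""
    try:
        safe_db_path(name, root)
        return True
    except ValueError:
        return False
```

Comparing `is_inside(unsafe_db_path(value), DB_ROOT)` with `accepts(value)` on the same input shows which names the flawed join lets escape the root and the hardened version refuses.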

Who is affected

Users running the affected version of lollms who expose the settings endpoint to untrusted networks are at risk. This includes administrators and users who have not yet updated to the patched version 9.5.1.
