Sightline

High

lollms

Path Traversal Vulnerability in Settings

A path traversal vulnerability was identified in the settings function of the affected software version, allowing attackers to manipulate the database path. This issue was patched in version 9.5.1.

Available publicly on Jul 20 2024 | Available with Premium on Jun 23 2024

CVE:

CVE-2024-6281

CWE:

440:Expected Behavior Violation

CVSS:

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Credit:

hainguyen0207

Assess Detect

Premium

Remediate

Remediation Steps

Update to version 9.5.1 or later.
Ensure that all user inputs are properly sanitized before being processed.
Implement strict validation checks for path parameters.
Restrict access to the settings endpoint to trusted networks only.
Regularly review and update security measures to prevent similar vulnerabilities.

Patch Details

Fixed Version: 9.5.1
Patch Commit: https://github.com/ParisNeo/lollms/commit/26a3ff35acf152b49e1087d5698ad4864c7b6092

Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have 436- related security advisories that are available with Sightline Premium.