High Severity

lollms

Path Traversal Vulnerability on Windows

A path traversal vulnerability in parisneo/lollms version 9.4.0 allows attackers to read any file on the Windows system due to improper path validation. The issue was patched in version 5.9.0.

Available publicly on May 31 2024

CVSS: 7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Credit: nhienit2010

Threat Overview

The vulnerability stems from path validation in the LoLLMs software that does not account for the differences between Windows and Linux file paths. Specifically, the application fails to properly sanitize input paths, allowing attackers to exploit the path traversal flaw to access and read files outside the intended directory. This is possible by using backslashes (\) to navigate to the root directory on Windows platforms, which bypasses the existing security measures designed to prevent such unauthorized access.

Attack Scenario

An attacker can exploit this vulnerability by sending a specially crafted HTTP GET request to the /user_infos endpoint of the LoLLMs application. By including a path in the request that utilizes backslashes to navigate to the root directory (e.g., \windows\win.ini), the attacker can bypass the application's path validation logic and read any file on the system. This could potentially expose sensitive information, such as environment variables, database files, or configuration files containing critical keys.
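The following is an added example, not code from lollms or from this advisory. It contrasts a hypothetical POSIX-minded check with a validator that applies Windows path rules through Python's `ntpath` module. The base directory, function names, and sample inputs are assumptions constructed for the demo.

```python
import ntpath  # Windows path rules, importable on any OS

# Constructed base directory for the demo (assumption, not from the advisory).
BASE = r"C:\lollms\personal\user_infos"


def naive_is_safe(rel: str) -> bool:
    """Hypothetical POSIX-minded check: blocks '..' and a leading '/' only."""
    return ".." not in rel and not rel.startswith("/")


def naive_target(rel: str) -> str:
    """Where Windows sends the request if only naive_is_safe() guards the join."""
    return ntpath.join(BASE, rel)


def resolve_under_base(rel: str, base: str = BASE) -> str:
    """Return the normalized path inside base, or raise ValueError."""
    drive, tail = ntpath.splitdrive(rel)
    # Reject drive letters, UNC shares, and paths rooted with either separator.
    if drive or tail[:1] in ("\\", "/"):
        raise ValueError(f"rooted or drive-qualified path: {rel!r}")
    full = ntpath.normpath(ntpath.join(base, rel))
    # Containment check on the normalized result, case-insensitive as on Windows.
    root = ntpath.normcase(base)
    if ntpath.commonpath([root, ntpath.normcase(full)]) != root:
        raise ValueError(f"path escapes base directory: {rel!r}")
    return full


def is_allowed(rel: str) -> bool:
    try:
        resolve_under_base(rel)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed inputs; the second is the form quoted in the advisory.
    for rel in ["avatar.png", r"\windows\win.ini", "/windows/win.ini",
                r"D:\secrets.txt", r"\\host\share\x", r"a\..\..\x.txt"]:
        print(f"{rel!r:22} naive={naive_is_safe(rel)!s:5} strict={is_allowed(rel)}")
```

The checks here are purely lexical; on a real Windows host, resolve symbolic links and junctions as well before the containment comparison.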

Who is affected

Any system running the affected version of parisneo/lollms (9.4.0) on a Windows platform is vulnerable to this path traversal attack. This includes environments where sensitive files are accessible to the application, potentially leading to unauthorized access to critical information.
