Medium

lollms-webui

Directory Listing via Path Traversal

A path traversal vulnerability in lollms-webui, affecting versions from v9.9 through the latest release, allows an attacker to list arbitrary directories on a Windows system. This issue has not yet been patched.

Available publicly on Oct 04 2024

CVSS: 5.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Remediation Steps
  1. Validate and sanitize user input to ensure only allowed paths are accessible.
  2. Implement proper access controls to restrict directory listings to authorized users.
  3. Update the software to the latest version once a patch is available.
  4. Regularly review and test the codebase for similar vulnerabilities.
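
As an illustration of remediation step 1, the following is an added example, not code from lollms-webui or from this advisory: a path check that confines a directory-listing request to one root using Windows path rules. `ALLOWED_ROOT`, `resolve_listing_path` and `is_allowed` are hypothetical names, and the sample inputs are constructed.

```python
import ntpath  # Windows path semantics on any OS, so the check is testable anywhere

# Hypothetical directory that listings are confined to (constructed value).
ALLOWED_ROOT = r"C:\lollms\personal_data"


def resolve_listing_path(user_path: str, root: str = ALLOWED_ROOT) -> str:
    """Return the normalized path under root for a listing request, or raise ValueError."""
    if "\x00" in user_path:
        raise ValueError("NUL byte in path")
    # Windows accepts both separators, so normalize before inspecting anything.
    candidate = user_path.replace("/", "\\")
    drive, rest = ntpath.splitdrive(candidate)
    if drive:
        # Covers C:\x, drive-relative C:x, UNC \\host\share and \\?\ device paths.
        raise ValueError("drive or UNC prefix not allowed")
    if rest.startswith("\\"):
        # A rooted path such as \Windows would replace everything after the drive.
        raise ValueError("rooted path not allowed")
    if ":" in rest:
        # Colons later in the path name NTFS alternate data streams.
        raise ValueError("colon not allowed")
    root_norm = ntpath.normpath(root)
    full = ntpath.normpath(ntpath.join(root_norm, rest))  # collapses "." and ".."
    # Compare whole components, case-insensitively. A plain startswith() would
    # accept the sibling C:\lollms\personal_data_evil.
    common = ntpath.commonpath([root_norm, full])
    if ntpath.normcase(common) != ntpath.normcase(root_norm):
        raise ValueError("path escapes allowed root")
    # Lexical check only: on a live system also resolve junctions and symlinks
    # (os.path.realpath) and repeat the containment test before listing.
    return full


def is_allowed(user_path: str) -> bool:
    try:
        resolve_listing_path(user_path)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed request values, not taken from the advisory.
    for p in ["docs\\notes", "..\\..\\Windows", "C:\\Windows", "C:Windows",
              "\\\\host\\share", "/Windows", "..\\personal_data_evil"]:
        print(f"{p!r:28} -> {'allow' if is_allowed(p) else 'deny'}")
```
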
Patch Details
  • Fixed Version: N/A
  • Patch Commit: N/A