References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Known Affected Software Configurations Switch to CPE 2.2

Change History

https://huntr.com/bounties/c1cfc0d9-517a-4d0e-bf1c-6444c1fd195d

NIST AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

NIST NVD-CWE-Other

OR
     *cpe:2.3:a:lollms:lollms_web_ui:-:*:*:*:*:*:*:*

https://huntr.com/bounties/c1cfc0d9-517a-4d0e-bf1c-6444c1fd195d No Types Assigned

https://huntr.com/bounties/c1cfc0d9-517a-4d0e-bf1c-6444c1fd195d Third Party Advisory

parisneo/lollms-webui is vulnerable to path traversal and denial of service attacks due to an exposed `/select_database` endpoint in version a9d16b0. The endpoint improperly handles file paths, allowing attackers to specify absolute paths when interacting with the `DiscussionsDB` instance. This flaw enables attackers to create directories anywhere on the system where the application has permissions, potentially leading to denial of service by creating directories with names of critical files, su

huntr.dev AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

huntr.dev CWE-749

huntr.dev https://huntr.com/bounties/c1cfc0d9-517a-4d0e-bf1c-6444c1fd195d [No types assigned]