CRITICAL🇵🇱 Wersja polska

CVE-2024-8581

CVSS 9.1v3.0pub. 2025-03-20upd. 2025-10-15

A vulnerability in the `upload_app` function of parisneo/lollms-webui V12 (Strawberry) allows an attacker to delete any file or directory on the system. The function does not implement user input filtering with the `filename` value, causing a Path Traversal error.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
  • Lollms Web Ui

    APP
    Lollms
    12
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2026-33340CRITICAL9.1PL ✓ten sam produkt

SSRF i brak uwierzytelnienia w lollms-webui — dostęp do wewnętrznych zasobów

CVE-2024-8898CRITICAL9.8PL ✓ten sam produkt

Path traversal w API install/uninstall lollms-webui V12 (Strawberry)

CVE-2024-1873CRITICAL9.1PL ✓ten sam produkt

Path Traversal i DoS w endpoint /select_database aplikacji lollms-webui

CVE-2024-2359CRITICAL9.8PL ✓ten sam produkt

Command Injection w lollms-webui — obejście zabezpieczeń i RCE

CVE-2024-2360CRITICAL9.8PL ✓ten sam produkt

Path Traversal prowadzący do RCE w parisneo/lollms-webui