CVE-2024-4322

A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `/list_personalities` endpoint. By manipulating the `category` parameter, an attacker can traverse the directory structure and list any directory on the system. This issue affects the latest version of the application. The vulnerability is due to improper handling of user-supplied input in the `list_personalities` function, where the `category` parameter can be controlled to specify arbitrary directories for listing. Successful exploitation of this vulnerability could allow an attacker to list all folders in the drive on the system, potentially leading to information disclosure.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://huntr.com/bounties/5116d858-ce00-418c-a5a5-851c5608c209	Exploit Third Party Advisory Issue Tracking Patch
https://huntr.com/bounties/5116d858-ce00-418c-a5a5-851c5608c209	Exploit Third Party Advisory Issue Tracking Patch

Configurations

Configuration 1 (hide)

cpe:2.3:a:lollms:lollms_web_ui:*:*:*:*:*:*:*:*

History

09 Jul 2025, 14:32

Type	Values Removed	Values Added
CPE		cpe:2.3:a:lollms:lollms_web_ui::::::::
First Time		Lollms Lollms lollms Web Ui
References	~~() https://huntr.com/bounties/5116d858-ce00-418c-a5a5-851c5608c209 -~~	() https://huntr.com/bounties/5116d858-ce00-418c-a5a5-851c5608c209 - Exploit, Third Party Advisory, Issue Tracking, Patch

21 Nov 2024, 09:42

Type	Values Removed	Values Added
References	~~() https://huntr.com/bounties/5116d858-ce00-418c-a5a5-851c5608c209 -~~	() https://huntr.com/bounties/5116d858-ce00-418c-a5a5-851c5608c209 -

16 May 2024, 13:03

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-16 09:15

Updated : 2025-07-09 14:32

NVD link : CVE-2024-4322

Mitre link : CVE-2024-4322

CVE.ORG link : CVE-2024-4322

JSON object : View

Products Affected

lollms

lollms_web_ui

CWE

CWE-29

Path Traversal: '\..\filename'

{"id": "CVE-2024-4322", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-05-16T09:15:16.613", "references": [{"url": "https://huntr.com/bounties/5116d858-ce00-418c-a5a5-851c5608c209", "tags": ["Exploit", "Third Party Advisory", "Issue Tracking", "Patch"], "source": "security@huntr.dev"}, {"url": "https://huntr.com/bounties/5116d858-ce00-418c-a5a5-851c5608c209", "tags": ["Exploit", "Third Party Advisory", "Issue Tracking", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-29"}]}], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `/list_personalities` endpoint. By manipulating the `category` parameter, an attacker can traverse the directory structure and list any directory on the system. This issue affects the latest version of the application. The vulnerability is due to improper handling of user-supplied input in the `list_personalities` function, where the `category` parameter can be controlled to specify arbitrary directories for listing. Successful exploitation of this vulnerability could allow an attacker to list all folders in the drive on the system, potentially leading to information disclosure."}, {"lang": "es", "value": "Existe una vulnerabilidad de path traversal en la aplicaci\u00f3n parisneo/lollms-webui, espec\u00edficamente dentro del endpoint `/list_personalities`. Al manipular el par\u00e1metro \"categor\u00eda\", un atacante puede atravesar la estructura del directorio y enumerar cualquier directorio del sistema. Este problema afecta a la \u00faltima versi\u00f3n de la aplicaci\u00f3n. La vulnerabilidad se debe al manejo inadecuado de la entrada proporcionada por el usuario en la funci\u00f3n `list_personalities`, donde el par\u00e1metro `category` se puede controlar para especificar directorios arbitrarios para listar. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir a un atacante enumerar todas las carpetas en la unidad del sistema, lo que podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n."}], "lastModified": "2025-07-09T14:32:00.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lollms:lollms_web_ui:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8698D4D-FA1A-40D5-9DD2-0804D296907C", "versionEndExcluding": "9.8"}], "operator": "OR"}]}], "sourceIdentifier": "security@huntr.dev"}