CVE-2024-6394
published 2024-09-30


Priority: P3 45
Severity: high, 7.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.60% (44.0th percentile)
A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. The vulnerability is due to unverified path concatenation in the `serve_js` function in `app.py`, which allows attackers to perform path traversal attacks. This can lead to unauthorized access to arbitrary files on the server, potentially exposing sensitive information such as private SSH keys, configuration files, and source code.

Affected

2 ranges

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| lollms | lollms_web_ui | | |
| parisneo | parisneo_lollms-webui | unspecified – latest | |