CVE-2024-8581

NONE EPSS 55.1%
Published Mar 20, 20251y ago · Modified Jun 17, 20261w ago
Find Similar
Published Mar 20, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

A vulnerability in the `upload_app` function of parisneo/lollms-webui V12 (Strawberry) allows an attacker to delete any file or directory on the system. The function does not implement user input filtering with the `filename` value, causing a Path Traversal error.

Threat Intelligence

EPSS Exploit Probability
55.1% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-22 Path Traversal Resource Mgmt

Affected Products 1

VendorProductVersionRange
lollmslollms_web_ui12any

References 2

  • github.com https://github.com/parisneo/lollms-webui/commit/dcc078cbe20d2a9640b0942a622134b0e3fa6e48
    Patch
  • huntr.com https://huntr.com/bounties/67ead5b9-8149-4001-a1cd-ac648cb7b414
    ExploitThird Party Advisory

Remediation

  • github.com https://github.com/parisneo/lollms-webui/commit/dcc078cbe20d2a9640b0942a622134b0e3fa6e48
    Patch