Unrated severityNVD Advisory· Published Mar 20, 2025· Updated Mar 20, 2025
Path Traversal in mintplex-labs/anything-llm
CVE-2024-10513
Description
A path traversal vulnerability exists in the 'document uploads manager' feature of mintplex-labs/anything-llm, affecting the latest version prior to 1.2.2. This vulnerability allows users with the 'manager' role to access and manipulate the 'anythingllm.db' database file. By exploiting the vulnerable endpoint '/api/document/move-files', an attacker can move the database file to a publicly accessible directory, download it, and subsequently delete it. This can lead to unauthorized access to sensitive data, privilege escalation, and potential data loss.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <1.2.2
- mintplex-labs/mintplex-labs/anything-llmv5Range: unspecified
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.