Unrated severityNVD Advisory· Published Apr 10, 2024· Updated Aug 1, 2024
Local File Inclusion in parisneo/lollms-webui
CVE-2024-1600
Description
A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the /personalities route. An attacker can exploit this vulnerability by crafting a URL that includes directory traversal sequences (../../) followed by the desired system file path, URL encoded. Successful exploitation allows the attacker to read any file on the filesystem accessible by the web server. This issue arises due to improper control of filename for include/require statement in the application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.