VYPR
Unrated severityNVD Advisory· Published Mar 20, 2025· Updated Oct 15, 2025

Path Traversal in parisneo/lollms-webui

CVE-2024-8581

Description

A vulnerability in the upload_app function of parisneo/lollms-webui V12 (Strawberry) allows an attacker to delete any file or directory on the system. The function does not implement user input filtering with the filename value, causing a Path Traversal error.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Lollms/Lollmsllm-fuzzy2 versions
    = V12 (Strawberry)+ 1 more
    • (no CPE)range: = V12 (Strawberry)
    • (no CPE)range: unspecified

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.