High severity7.1NVD Advisory· Published Mar 20, 2025· Updated Apr 15, 2026

CVE-2024-9597

Description

A Path Traversal vulnerability exists in the /wipe_database endpoint of parisneo/lollms version v12, allowing an attacker to delete any directory on the system. The vulnerability arises from improper validation of the key parameter, which is used to construct file paths. An attacker can exploit this by sending a specially crafted HTTP request to delete arbitrary directories.

Affected products

Lollms/Lollmsinferred
Range: =12

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

huntr.com/bounties/1f6c8908-d486-4141-be55-25bd29933d8bnvd

News mentions

No linked articles in our index yet.

cvss	0.461
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000