A path traversal vulnerability exists in the `apply_settings` function of parisneo/lollms versions prior to 9.5.1. The `sanitize_path`…
@huntr_ai·CWE-22·Published 2024-07-20
A path traversal vulnerability exists in the `apply_settings` function of parisneo/lollms versions prior to 9.5.1. The `sanitize_path` function does not adequately secure the `discussion_db_name` parameter, allowing attackers to manipulate the path and potentially write to important system folders.
A path traversal vulnerability exists in the `apply_settings` function of parisneo/lollms versions prior to 9.5.1. The `sanitize_path` function does not adequately secure the `discussion_db_name` parameter, allowing attackers to manipulate the path and potentially write to important system folders.
A path traversal vulnerability exists in the `apply_settings` function of parisneo/lollms versions prior to 9.5.1. The `sanitize_path` function does not adequately secure the `discussion_db_name` parameter, allowing attackers to manipulate the path and potentially write to important system folders.
A path traversal vulnerability exists in the `apply_settings` function of parisneo/lollms versions prior to 9.5.1. The `sanitize_path` function does not adequately secure the `discussion_db_name` parameter, allowing attackers to manipulate the path and potentially write to important system folders.
Existe una vulnerabilidad de path traversal en la función `apply_settings` de las versiones parisneo/lollms anteriores a la 9.5.1. La función `sanitize_path` no protege adecuadamente el parámetro `discussion_db_name`, lo que permite a los atacantes manipular la ruta y potencialmente escribir en carpetas importantes del sistema.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.0 | Primary | cve.org | 7.3 | — | — | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H |
| 3.0 | Primary | cve.org | 7.3 | — | — | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H |
| 3.0 | Secondary | NVD | 7.3 | 2.5 | 4.7 | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H |
| 3.1 | Secondary | GHSA | 7.3 | — | — | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H |
| 4.0 | Secondary | GHSA | 7.0 | — | — | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N |