Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Path Traversal in parisneo/lollms-webui
Vulnerability Description
A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'list_personalities' endpoint. By crafting a malicious HTTP request, an attacker can traverse the directory structure and view the contents of any folder, albeit limited to subfolder names only. This issue was demonstrated via a specific HTTP request that manipulated the 'category' parameter to access arbitrary directories. The vulnerability is present in the code located at the 'endpoints/lollms_advanced.py' file.
CVSS Information
N/A
Vulnerability Type
相对路径遍历
Vulnerability Title
LoLLMs 路径遍历漏洞
Vulnerability Description
LoLLMs是Saifeddine ALOUI个人开发者的一个大型语言多模式系统的 Web UI。 LoLLMs 9.6版本存在路径遍历漏洞,该漏洞源于 list_personalities 端点对用户提供的输入处理不当,攻击者利用该漏洞可以通过制作恶意 HTTP 请求遍历目录结构并查看任何文件夹的内容。
CVSS Information
N/A
Vulnerability Type
N/A