CVE-2024-2360

parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code execution due to insufficient sanitization of user-supplied input in the 'Database path' and 'PDF LaTeX path' settings. An attacker can exploit this vulnerability by manipulating these settings to execute arbitrary code on the targeted server. The issue affects the latest version of the software. The vulnerability stems from the application's handling of the 'discussion_db_name' and 'pdf_latex_path' parameters, which do not properly validate file paths, allowing for directory traversal. This vulnerability can also lead to further file exposure and other attack vectors by manipulating the 'discussion_db_name' parameter.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://huntr.com/bounties/65d0ef59-a761-4bbd-86fa-dd8e8621082e

Configurations

No configuration.

History

No history.

Information

Published : 2024-06-06 19:15

Updated : 2024-06-07 14:56

NVD link : CVE-2024-2360

Mitre link : CVE-2024-2360

CVE.ORG link : CVE-2024-2360

JSON object : View

Products Affected

No product.

CWE

CWE-29

Path Traversal: '\..\filename'

{"id": "CVE-2024-2360", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-06-06T19:15:54.570", "references": [{"url": "https://huntr.com/bounties/65d0ef59-a761-4bbd-86fa-dd8e8621082e", "source": "security@huntr.dev"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-29"}]}], "descriptions": [{"lang": "en", "value": "parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code execution due to insufficient sanitization of user-supplied input in the 'Database path' and 'PDF LaTeX path' settings. An attacker can exploit this vulnerability by manipulating these settings to execute arbitrary code on the targeted server. The issue affects the latest version of the software. The vulnerability stems from the application's handling of the 'discussion_db_name' and 'pdf_latex_path' parameters, which do not properly validate file paths, allowing for directory traversal. This vulnerability can also lead to further file exposure and other attack vectors by manipulating the 'discussion_db_name' parameter."}, {"lang": "es", "value": "parisneo/lollms-webui es vulnerable a ataques de path traversal que pueden conducir a la ejecuci\u00f3n remota de c\u00f3digo debido a una sanitizaci\u00f3n insuficiente de la entrada proporcionada por el usuario en las configuraciones de 'Ruta de la base de datos' y 'Ruta PDF LaTeX'. Un atacante puede aprovechar esta vulnerabilidad manipulando esta configuraci\u00f3n para ejecutar c\u00f3digo arbitrario en el servidor objetivo. El problema afecta a la \u00faltima versi\u00f3n del software. La vulnerabilidad surge del manejo que hace la aplicaci\u00f3n de los par\u00e1metros 'discussion_db_name' y 'pdf_latex_path', que no validan adecuadamente las rutas de los archivos, lo que permite directory traversal. Esta vulnerabilidad tambi\u00e9n puede provocar una mayor exposici\u00f3n de archivos y otros vectores de ataque al manipular el par\u00e1metro 'discussion_db_name'."}], "lastModified": "2024-06-07T14:56:05.647", "sourceIdentifier": "security@huntr.dev"}