CVE-2024-4841

LOW EXPLOITED NUCLEI

Lollms-webui - Path Traversal

Title source: rule

Description

A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerability, an attacker can predict the folders, subfolders, and files present on the victim's computer. The vulnerability is present in the way the application handles the 'path' parameter in HTTP requests to the '/add_reference_to_local_model' endpoint.

Nuclei Templates (1)

LoLLMS WebUI - Subfolder Prediction via Path Traversal

MEDIUMby s4e-io

FOFA: LoLLMS WebUI - Welcome

References (1)

[Exploit, Third Party Advisory] https://huntr.com/bounties/740dda3e-7104-4ccf-9ac4-8870e4d6d602

Scores

CVSS v3 3.3

EPSS 0.0846

EPSS Percentile 92.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

VulnCheck KEV 2026-03-11

CWE

CWE-29

Status published

Products (1)

lollms/lollms-webui 9.6

Published Jun 23, 2024

Tracked Since Feb 18, 2026