CVE-2024-8982

MEDIUM

OpenLLM 0.6.10 - LFI

Title source: llm

Description

A Local File Inclusion (LFI) vulnerability in OpenLLM version 0.6.10 allows attackers to include files from the local server through the web application. This flaw could expose internal server files and potentially sensitive information such as configuration files, passwords, and other critical data. Unauthorized access to critical server files, such as configuration files, user credentials (/etc/passwd), and private keys, can lead to a complete compromise of the system's security. Attackers could leverage the exposed information to further penetrate the network, exfiltrate data, or escalate privileges within the environment.

References (1)

[Exploit, Third Party Advisory] https://huntr.com/bounties/b7bdc9a1-51ac-402a-8e6e-0d977699aca6

Scores

CVSS v3 6.2

EPSS 0.0004

EPSS Percentile 11.3%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-29

Status draft

Timeline

Published Mar 20, 2025

Tracked Since Feb 18, 2026