CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-6394

Medium Severity
SVRS
30/100
CVSSv3
NA/10
EPSS
0.00081/1

CVE-2024-6394: Local File Inclusion vulnerability in lollms-webui before v9.8. This security flaw allows attackers to access sensitive server files by exploiting unverified path concatenation within the serve_js function. The path traversal attack can expose critical data like SSH keys and configuration files. With an SVRS of 30, while not critical, this vulnerability warrants attention to prevent potential data breaches. Exploiting this flaw can grant unauthorized access to arbitrary files. Organizations using affected versions should update immediately to mitigate the risk of sensitive data exposure and system compromise.

TAGS
In The Wild
VECTOR STRING
PUBLICATION DATE2024-09-30
LAST MODIFIED2024-09-30

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-6394 | parisneo lollms-webui up to 9.7 Configuration File app.py serve_js path traversal
vuldb.com2024-09-30
CVE-2024-6394 | parisneo lollms-webui up to 9.7 Configuration File app.py serve_js path traversal | A vulnerability classified as problematic has been found in parisneo lollms-webui up to 9.7. Affected is the function serve_js of the file app.py of the component Configuration File Handler. The manipulation leads to path traversal: &#039;\..\filename&#039;. This vulnerability is traded as <
cve-2024-6394
domains
urls
cves

Social Media

🚨ALERT🚨 CVE-2024-6394 CNA: Protect AI A Local File Inclusion #vulnerability in parisneo/lollms-webui versions&lt; v9.8 allows path traversal, risking unauthorized access to sensitive files. CVSS SCORE : 7.5(HIGH) #cybersecurity #news #artificialinteligence #infosecurity #CyberSec
0
0
0

Affected Software

No affected software found for this CVE

References

ReferenceLink
[email protected]https://huntr.com/bounties/6df4f990-b632-4791-b3ea-f40c9ea905bf

CWE Details

CWE IDCWE NameDescription
CWE-29Path Traversal: '..filename'The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '..filename' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence