NVD Vulnerability Detail

Search Exploit, PoC

Exploit DB

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2024-6971

Summary	A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the `lollms_file_system.py` file. The functions `add_rag_database`, `toggle_mount_rag_database`, and `vectorize_folder` do not implement security measures such as `sanitize_path_from_endpoint` or `sanitize_path`. This allows an attacker to perform vectorize operations on `.sqlite` files in any directory on the victim's computer, potentially installing multiple packages and causing a crash.
Publication Date	Oct. 11, 2024, 10:15 p.m.
Registration Date	Oct. 12, 2024, 5 a.m.
Last Update	Oct. 15, 2024, 9:58 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://huntr.com/bounties/fbfe7cd0-99fb-4305-bd07-8b573364109e

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-22	パス・トラバーサル	https://cwe.mitre.org/data/definitions/22.html

JVN Vulnerability Information

parisneo の lollms web ui におけるパストラバーサルの脆弱性

Title	parisneo の lollms web ui におけるパストラバーサルの脆弱性
Summary	parisneo の lollms web ui には、パストラバーサルの脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	参考情報を参照して適切な対策を実施してください。
Publication Date	Oct. 11, 2024, midnight
Registration Date	July 4, 2025, 2:14 p.m.
Last Update	July 4, 2025, 2:14 p.m.

Affected System

parisneo

lollms web ui 9.8

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2024-6971	https://www.cve.org/CVERecord?id=CVE-2024-6971
National Vulnerability Database (NVD)
2	CVE-2024-6971	https://nvd.nist.gov/vuln/detail/CVE-2024-6971

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-22	https://jvndb.jvn.jp/ja/cwe/CWE-22.html

その他

No	Name	URL
関連文書
1	huntr.com (fbfe7cd0-99fb-4305-bd07-8b573364109e)	https://huntr.com/bounties/fbfe7cd0-99fb-4305-bd07-8b573364109e

Change Log

No	Changed Details	Date of change
1	[2025年07月04日] 掲載	July 4, 2025, 2:14 p.m.