CVE-2024-4841

Publication date

2024-06-23 14:33:33

Family

@huntr_ai

State

PUBLISHED

Description

A path traversal vulnerability exists in parisneo/lollms-webui, specifically within the add_reference_to_local_mode function, due to a lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerability, an attacker can predict the folders, subfolders, and files present on the victim's computer. The vulnerability lies in the way the application handles the path parameter in HTTP requests to the /add_reference_to_local_model endpoint.