Описание
parisneo/lollms-webui versions v9.9 to the latest are vulnerable to a directory listing vulnerability. An attacker can list arbitrary directories on a Windows system by sending a specially crafted HTTP request to the /open_file endpoint.
Ссылки
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:lollms:lollms_web_ui:9.9:*:*:*:*:*:*:*
EPSS
Процентиль: 77%
0.0106
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-36
Связанные уязвимости
CVSS3: 5.3
github
11 месяцев назад
parisneo/lollms-webui versions v9.9 to the latest are vulnerable to a directory listing vulnerability. An attacker can list arbitrary directories on a Windows system by sending a specially crafted HTTP request to the /open_file endpoint.
EPSS
Процентиль: 77%
0.0106
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-36