Описание
A Path Traversal vulnerability exists in the /wipe_database endpoint of parisneo/lollms version v12, allowing an attacker to delete any directory on the system. The vulnerability arises from improper validation of the key parameter, which is used to construct file paths. An attacker can exploit this by sending a specially crafted HTTP request to delete arbitrary directories.
EPSS
7.1 High
CVSS3
Дефекты
Связанные уязвимости
A Path Traversal vulnerability exists in the `/wipe_database` endpoint of parisneo/lollms version v12, allowing an attacker to delete any directory on the system. The vulnerability arises from improper validation of the `key` parameter, which is used to construct file paths. An attacker can exploit this by sending a specially crafted HTTP request to delete arbitrary directories.
EPSS
7.1 High
CVSS3