CVE-2024-10047 — MEDIUM (5.3)

Vulnerability Description

parisneo/lollms-webui versions v9.9 to the latest are vulnerable to a directory listing vulnerability. An attacker can list arbitrary directories on a Windows system by sending a specially crafted HTTP request to the /open_file endpoint.

CVSS Score

5.3

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Lollms	Lollms Web Ui	9.9

Related Weaknesses (CWE)

CWE-36

References

https://huntr.com/bounties/69c3a27c-bd93-4aff-a46b-56798f28a3ceExploitThird Party Advisory

FAQ

What is CVE-2024-10047?

CVE-2024-10047 is a vulnerability with a CVSS score of 5.3 (MEDIUM). parisneo/lollms-webui versions v9.9 to the latest are vulnerable to a directory listing vulnerability. An attacker can list arbitrary directories on a Windows system by sending a specially crafted HTT...

How severe is CVE-2024-10047?

CVE-2024-10047 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-10047?

Check the references section above for vendor advisories and patch information. Affected products include: Lollms Lollms Web Ui.