CVE-2024-10047 MEDIUM

CVE-2024-10047: Directory Listing Vulnerability in parisneo/lollms-webui

Vendor Parisneo
Product parisneo/lollms-webui
Weakness CWE-36
Published March 20, 2025
Last update March 20, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

parisneo/lollms-webui versions v9.9 to the latest are vulnerable to a directory listing vulnerability. An attacker can list arbitrary directories on a Windows system by sending a specially crafted HTTP request to the /open_file endpoint.

Key dates

02Disclosure timeline

March 20, 2025 CVE published
March 20, 2025 Record updated