What is the severity of CVE-2024-2362?

CVE-2024-2362 has a high severity rating due to its potential to allow an attacker to delete arbitrary files from the system.

How do I fix CVE-2024-2362?

To fix CVE-2024-2362, upgrade Lollms Web UI to version 9.4 or later where the path traversal vulnerability is addressed.

Which platforms are affected by CVE-2024-2362?

CVE-2024-2362 affects Lollms Web UI version 9.3 on both Windows and Linux platforms.

What type of vulnerability is CVE-2024-2362?

CVE-2024-2362 is a path traversal vulnerability that allows unauthorized file deletions.

Can CVE-2024-2362 be exploited by remote attackers?

Yes, CVE-2024-2362 can be exploited by remote attackers if they can interact with the affected application.

Vulnerability/
CVE-2024-2362

critical

9.1

CWE

36 22

6/6/2024

13/2/2025

CVE-2024-2362: Path Traversal in parisneo/lollms-webui

First published: Thu Jun 06 2024(Updated: )

A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation of file paths between Windows and Linux environments, an attacker can exploit this vulnerability to delete any file on the system. The issue arises from the lack of adequate sanitization of user-supplied input in the 'del_preset' endpoint, where the application fails to prevent the use of absolute paths or directory traversal sequences ('..'). As a result, an attacker can send a specially crafted request to the 'del_preset' endpoint to delete files outside of the intended directory.

Credit: security@huntr.dev

Affected Software	Affected Version	How to fix
All of
Lollms	=9.3
Any of
Linux Kernel
Microsoft Windows Operating System

Never miss a vulnerability like this again

Reference Links

https://huntr.com/bounties/2433d0a4-9ba0-474b-be1a-6fd5019770ba

Frequently Asked Questions

What is the severity of CVE-2024-2362?
CVE-2024-2362 has a high severity rating due to its potential to allow an attacker to delete arbitrary files from the system.
How do I fix CVE-2024-2362?
To fix CVE-2024-2362, upgrade Lollms Web UI to version 9.4 or later where the path traversal vulnerability is addressed.
Which platforms are affected by CVE-2024-2362?
CVE-2024-2362 affects Lollms Web UI version 9.3 on both Windows and Linux platforms.
What type of vulnerability is CVE-2024-2362?
CVE-2024-2362 is a path traversal vulnerability that allows unauthorized file deletions.
Can CVE-2024-2362 be exploited by remote attackers?
Yes, CVE-2024-2362 can be exploited by remote attackers if they can interact with the affected application.

agent/title
agent/weakness
agent/references
agent/first-publish-date
agent/type
agent/description
agent/author
collector/mitre-cve
source/MITRE
agent/severity
agent/source
agent/last-modified-date
agent/event
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/lollms
canonical/lollms
version/lollms/9.3
vendor/linux
canonical/linux kernel
vendor/microsoft
canonical/microsoft windows operating system

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.