Vulnerability Database

296,489

Total vulnerabilities in the database

CVE-2024-1511

The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary files on the server by exploiting various endpoints. The vulnerability can be exploited even when the service is bound to localhost, through cross-site requests facilitated by malicious HTML/JS pages.

Published: Apr 10, 2024
Updated: Jul 10, 2025
CVE: CVE-2024-1511
Exploit:

No technical information available.

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
lollms / lollms_web_ui	9.0	9.0.x

https://huntr.com/bounties/62b77589-772d-4d6e-aef4-2aec4cfe5f8b

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo