Vulnerability Database

296,489

Total vulnerabilities in the database

CVE-2024-6985

A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. This vulnerability allows an attacker to read any folder in the personality_folder on the victim's computer, even though sanitize_path is set. The issue arises due to improper sanitization of the personality_folder parameter, which can be exploited to traverse directories and access arbitrary files.

Published: Oct 11, 2024
Updated: May 4, 2025
CVE: CVE-2024-6985
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.4
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-23

Affected Software
References

Software	From	Fixed in
lollms / lollms	-	5.9.0

https://github.com/parisneo/lollms/commit/28ee567a9a120967215ff19b96ab7515ce469620
https://huntr.com/bounties/79c11579-47d8-4e68-8466-b47c3bf5ef6a

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo