CVE-2024-9919 - Parisneo Lollms Webui Missing Authentication Check Directory Traversal Vulnerability
CVE-2024-9919 - Parisneo Lollms Webui Missing Authentication Check Directory Traversal Vulnerability
CVE ID : CVE-2024-9919 Published : March 20, 2025, 10:15 a.m. | 2 days, 4 hours ago Description : A missing authentication check in the uninstall endpoint of parisneo/lollms-webui V13 allows attackers to perform unauthorized directory deletions. The /uninstall/{app_name} API endpoint does not call the check_access() function to verify the client_id, enabling attackers
CVE ID : CVE-2024-9919
Published : March 20, 2025, 10:15 a.m. | 2 days, 4 hours ago
Description : A missing authentication check in the uninstall endpoint of parisneo/lollms-webui V13 allows attackers to perform unauthorized directory deletions. The /uninstall/{app_name} API endpoint does not call the check_access() function to verify the client_id, enabling attackers to delete directories without proper authentication.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…