Ctrl + K
/ news / CVE
CVEPublished 2024-05-161 article on news7 live referencesNVD data

CVE-2024-4322

Vulnerability data via CVEDB (Shodan)

CVSS v3.1
7.5
HIGH
EPSS percentile
98
Exploit Prediction Scoring System · top 2% of all CVEs
Description

A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `/list_personalities` endpoint. By manipulating the `category` parameter, an attacker can traverse the directory structure and list any directory on the system. This issue affects the latest version of the application. The vulnerability is due to improper handling of user-supplied input in the `list_personalities` function, where the `category` parameter can be controlled to specify arbitrary directories for listing. Successful exploitation of this vulnerability could allow an attacker to list all folders in the drive on the system, potentially leading to information disclosure.

Timeline
Published 2024-05-16

External references

NVDMITREExploit-DBGitHub PoCSploitustrickest/cveVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts
vuln:CVE-2024-4322
Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · product
product:"Lollms Lollms Web Ui"
All exposed Lollms Lollms Web Ui instances — cross-reference with the CVE's affected-version range.
Shodan · banner/body mention
http.html:"Lollms Web Ui"
HTTP body or banner mentions "Lollms Web Ui" — catches deploys Shodan didn't identify as a product.
More intel sources (5)
Shodan report
vuln:CVE-2024-4322
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2024-4322
Censys host search filtered to this CVE id.
grep.app
CVE-2024-4322
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2024-4322
GitHub code search for direct mentions.
Google dork
"CVE-2024-4322" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub (8)

CVE-2024-43228 repos
nomi-sec/PoC-in-GitHubunknown
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
★ 7,848·updated today
xairy/linux-kernel-exploitationunknown
A collection of links related to Linux kernel security and exploitation
★ 6,504·updated 3w ago
Ostorlab/KEVunknown
Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.
★ 612·updated 3mo ago
IamAlch3mist/Awesome-Android-Vulnerability-Researchunknown
★ 63·updated 3d ago
maxgfr/awesome-starsunknown
List of repositories that I liked on Github
★ 22·updated today
mooyoul/awesome-starsunknown
A curated list of my GitHub stars
★ 21·updated today
zulloper/cve-pocPython
CVE POC repo 자동 수집기
★ 13·updated today
Ghostasky/ALLStarRepoPython
我所有star的repo
★ 10·updated 3mo ago
Articles on news mentioning CVE-2024-4322