parisneo Lollms-Webui Directory Listing Vulnerability on Windows

Vulnerability

A directory listing vulnerability has been identified in parisneo/lollms-webui versions v9.9 up to the latest release. This vulnerability allows an attacker to list arbitrary directories on a Windows system by sending a specially crafted HTTP request to the /open_file endpoint.

Impact

Exploitation of this vulnerability could lead to unauthorized directory listing, potentially exposing sensitive files or information on the affected Windows system.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

0.2

exploitability

7.8

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

0.2

exploitability

7.8

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

parisneo Lollms-Webui Directory Listing Vulnerability on Windows

Vulnerability

Impact

Affected Products

parisneo/lollms-webui

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating