OpenLLM Local File Inclusion Vulnerability

Vulnerability

A Local File Inclusion (LFI) vulnerability exists in OpenLLM version 0.6.10, allowing attackers to include files from the local server via the web application. This vulnerability could reveal internal server files and sensitive information, such as configuration files, passwords, and other critical data. Unauthorized access to such files could lead to a complete compromise of the system's security, enabling attackers to further infiltrate the network, exfiltrate data, or escalate privileges.

Impact

Exploitation of this vulnerability could result in unauthorized access to critical server files, including configuration files, user credentials, and private keys, potentially leading to a complete compromise of the system's security.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.3
exploitability: 7.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.