Parisneo Lollms Path Traversal Vulnerability in Wipe Database Endpoint Allowing Arbitrary Directory Deletion

Vulnerability

A path traversal vulnerability has been identified in the '/wipe_database' endpoint of Parisneo Lollms version 12. This vulnerability allows an attacker to delete any directory on the system by exploiting improper validation of the 'key' parameter, which is used to construct file paths. By sending a specially crafted HTTP request, an attacker can manipulate the file path to target arbitrary directories for deletion.

Impact

Exploitation of this vulnerability allows for the deletion of any directory on the system, potentially leading to loss of important data or application functionality.

Reproduction

To reproduce this vulnerability, send a DELETE request to the '/wipe_database' endpoint with a crafted 'key' parameter that includes path traversal sequences. This manipulates the constructed file path so that it points at a directory outside the intended database location, which is then deleted. The request can be made with a tool such as Postman or curl and must include the necessary headers, such as 'Content-Type' and 'User-Agent'.

Remediation

The vulnerability can be addressed by adding proper path sanitization to the endpoint: the 'key' parameter must be validated so that the resulting path cannot leave the intended database directory, which prevents traversal attacks.
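The check described above, written out as an added example in Python (not code from the Lollms project). It assumes a hypothetical `db_root` directory under which each database lives in one subdirectory named by `key`; the key is allowlisted, the resolved path is checked for containment (which also catches symlinks pointing outside the root), and only then is the directory removed.

```python
"""Hardened handling of a user-supplied 'key' that names a database directory."""
import re
import shutil
import tempfile
from pathlib import Path

# Allowlist: a key is a single plain name with no separators, dots or NUL bytes.
_KEY_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


class UnsafeKeyError(ValueError):
    """Raised when 'key' would resolve outside the database root."""


def resolve_key_dir(db_root, key: str) -> Path:
    """Return <db_root>/<key> only if it is a direct child of db_root after resolution."""
    root = Path(db_root).resolve()
    if not _KEY_RE.fullmatch(key or ""):
        raise UnsafeKeyError(f"key rejected by allowlist: {key!r}")
    target = (root / key).resolve()  # resolve() follows symlinks, so a link out of root is exposed
    if target.parent != root:
        raise UnsafeKeyError(f"key escapes database root: {key!r}")
    return target


def is_safe_key(db_root, key: str) -> bool:
    try:
        resolve_key_dir(db_root, key)
        return True
    except UnsafeKeyError:
        return False


def wipe_database(db_root, key: str) -> bool:
    """Delete the validated directory; returns True if something was removed."""
    target = resolve_key_dir(db_root, key)
    if not target.is_dir():
        return False
    shutil.rmtree(target)
    return True


def demo() -> dict:
    """Constructed scenario: a temporary root holding one database, plus a directory outside it."""
    scratch = Path(tempfile.mkdtemp())
    root = scratch / "databases"
    (root / "default").mkdir(parents=True)
    outside = scratch / "outside"
    outside.mkdir()
    (root / "link").symlink_to(outside)  # allowlisted name, but resolves outside root
    bad_keys = ["../outside", "..", "/etc", "a/b", "default/../..", ""]
    result = {
        "good": wipe_database(root, "default"),
        "rejected": [k for k in bad_keys if not is_safe_key(root, k)],
        "symlink_rejected": not is_safe_key(root, "link"),
        "outside_still_exists": outside.is_dir(),
    }
    shutil.rmtree(scratch)
    return result
```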

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

Category         Score
spread           0.0
impact           2.5
exploitability   6.6
remediation      0.0
relevance        0.0
threat           6.4
urgency          2.9
incentive        1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.