CVE-2024-2178

7.5 HIGH

📋 TL;DR

This path traversal vulnerability in parisneo/lollms-webui allows attackers to read arbitrary files by manipulating parameters in the 'copy_to_custom_personas' endpoint. Attackers can use '../' sequences to access sensitive files outside intended directories. Anyone using vulnerable versions of lollms-webui is affected.

💻 Affected Systems

Products:
  • parisneo/lollms-webui
Versions: prior to the fix (specific version unknown from provided data)
Operating Systems: All platforms running lollms-webui
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with the vulnerable endpoint accessible are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise through reading sensitive configuration files, credentials, or SSH keys, leading to lateral movement.

🟠 Likely Case: Unauthorized access to sensitive application files, configuration data, or user information stored on the server.

🟢 If Mitigated: Limited to reading files accessible by the web application user account, potentially exposing application secrets.

🌐 Internet-Facing: HIGH - Web applications exposed to the internet are directly vulnerable to remote exploitation.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this to escalate privileges or access sensitive data.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple path traversal attack requiring only HTTP requests with manipulated parameters.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown specific version - check latest releases

Vendor Advisory: https://huntr.com/bounties/e585f1dd-a026-4419-8f42-5835e85fad9e

Restart Required: Yes

Instructions:

1. Update to the latest lollms-webui version.
2. Verify the fix in lollms_personalities_infos.py.
3. Restart the webui service.

🔧 Temporary Workarounds

Input Validation Filter

Applies to: all

Add input validation to reject parameters containing path traversal sequences.

# In lollms_personalities_infos.py, add validation before processing the category/name parameters
# Example: if '..' in category or '..' in name: return error
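The substring check above stops the literal '../' payload but does not prove that the final path stays inside the personas directory. The following added example (not lollms-webui's own code; the base directory, the parameter names category/name and the helper names are assumptions made here for illustration) puts the naive check beside a containment check that resolves the joined path with realpath and then verifies it lies beneath the allowed base:

```python
import os
from pathlib import Path


class UnsafePathError(ValueError):
    """Raised when user-supplied path components would escape the allowed base directory."""


def naive_check(category: str, name: str) -> bool:
    """The substring check from the workaround note.

    Rejects a literal '..' but is not a containment proof: an absolute path in a
    component, for example, contains no '..' and passes.
    """
    return ".." not in category and ".." not in name


def resolve_persona_path(base_dir: str, category: str, name: str) -> Path:
    """Join user-controlled category/name under base_dir and prove the result stays inside it.

    Two layers, both defensive:
      1. each parameter must be a single directory-entry name (no separators, no
         '.'/'..', no NUL), because that is all the endpoint needs;
      2. the joined path is resolved with realpath (follows symlinks, collapses '..')
         and must share base_dir as its common prefix.
    """
    for component in (category, name):
        if (
            not component
            or component in (".", "..")
            or "/" in component
            or "\\" in component
            or "\x00" in component
        ):
            raise UnsafePathError(f"invalid path component: {component!r}")

    base = Path(os.path.realpath(base_dir))
    candidate = Path(os.path.realpath(base / category / name))
    # commonpath returns the shared prefix; it must be the base itself, so a
    # symlink inside base that points outside is caught as well.
    if os.path.commonpath([base, candidate]) != str(base):
        raise UnsafePathError(f"path escapes base directory: {candidate}")
    return candidate


def is_safe_request(base_dir: str, category: str, name: str) -> bool:
    """Boolean wrapper around resolve_persona_path for handlers that want accept/reject."""
    try:
        resolve_persona_path(base_dir, category, name)
        return True
    except UnsafePathError:
        return False


if __name__ == "__main__":
    # Constructed sample requests; the base directory is a placeholder, not the project's layout.
    base = "/tmp/personas_demo"
    samples = [
        ("generic", "assistant"),     # legitimate request
        ("../../etc", "passwd"),      # the traversal shape from the advisory
        ("/etc", "passwd"),           # no '..' at all, yet absolute
    ]
    for category, name in samples:
        print(
            f"category={category!r:14} name={name!r:12} "
            f"naive={'accept' if naive_check(category, name) else 'reject':6} "
            f"contained={'accept' if is_safe_request(base, category, name) else 'reject'}"
        )
```

The third sample is why the containment check is worth the extra lines: it has no '..' and passes the substring filter, but it is still an absolute path, and the component rule rejects it before any file system access. Applying the same rule to every parameter that ends up in a file path is the general fix; the endpoint restriction below only narrows exposure while that change is made.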

Endpoint Restriction

Applies to: all

Restrict access to the vulnerable endpoint using web server rules.

# For nginx:
location ~* /copy_to_custom_personas { deny all; }
# For Apache:
<Location "/copy_to_custom_personas"> Require all denied </Location>

🧯 If You Can't Patch

  • Implement strict input validation at the web application level to filter '../' sequences
  • Use file system permissions to restrict the web application user's access to sensitive directories

🔍 How to Verify

Check if Vulnerable:

Test by sending HTTP request to /copy_to_custom_personas with category=../../etc&name=passwd and check if sensitive file contents are returned

Check Version:

Check lollms-webui version in web interface or package metadata

Verify Fix Applied:

After patching, repeat the same request; it should return an error response instead of file contents.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /copy_to_custom_personas with '..' in parameters
  • Unusual file access patterns from web application process

Network Indicators:

  • HTTP requests containing path traversal sequences in URL parameters

SIEM Query:

web.url:*copy_to_custom_personas* AND (web.query:*..* OR web.param:*..*)
