{"vulnerability": "cve-2024-8898", "sightings": [{"uuid": "84db4c69-33d2-4f8b-9838-a19c0abdc1eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8898", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8243", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-8898\n\ud83d\udd25 CVSS Score: 6.7 (cvssV3_0, Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: A path traversal vulnerability exists in the `install` and `uninstall` API endpoints of parisneo/lollms-webui version V12 (Strawberry). This vulnerability allows attackers to create or delete directories with arbitrary paths on the system. The issue arises due to insufficient sanitization of user-supplied input, which can be exploited to traverse directories outside the intended path.\n\ud83d\udccf Published: 2025-03-20T10:10:58.125Z\n\ud83d\udccf Modified: 2025-03-20T16:20:06.356Z\n\ud83d\udd17 References:\n1. https://huntr.com/bounties/6072371f-0ddc-42e3-9207-1c6d6b18d32f\n2. https://github.com/parisneo/lollms-webui/commit/6d07c8a0dd0a15cc060becc73fda9fe8e788eb23", "creation_timestamp": "2025-03-20T17:18:52.000000Z"}, {"uuid": "264d76bf-81a4-439d-9f67-098b73382489", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-8898", "type": "seen", "source": "MISP/3e4b778d-5810-4171-a915-f1d106684af4", "content": "", "creation_timestamp": "2025-08-11T18:27:49.000000Z"}]}