Lucene search

CVE-2024-2366

🗓️ 16 May 2024 09:10:15Reported by @huntr_aiType

cve🔗 web.nvd.nist.gov👁 36 Views🌐 WEB

Remote code execution vulnerability in parisneo/lollms-webui applicatio

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 3
Vulnrichment	CVE-2024-2366 Remote Code Execution in parisneo/lollms-webui	16 May 202409:03	–	vulnrichment
NVD	CVE-2024-2366	16 May 202409:15	–	nvd
Cvelist	CVE-2024-2366 Remote Code Execution in parisneo/lollms-webui	16 May 202409:03	–	cvelist

[
  {
    "vendor": "parisneo",
    "product": "parisneo/lollms-webui",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "latest"
      }
    ]
  }
]

Source	Link
huntr	www.huntr.com/bounties/63266c77-408b-45ff-962c-8163db50a864

Parameter	Position	Path	Description	CWE
binding_path	request body	/lollms_core/lollms/server/endpoints/lollms_binding_infos.py	Remote code execution due to insufficient path sanitization in reinstall_binding functionality.	CWE-77

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

16 May 2024 09:15Current

8.2High risk

Vulners AI Score8.2

CVSS39

EPSS0.00742

SSVC

CWE-77