Lucene search

CVE-2024-4078

🗓️ 16 May 2024 09:15:15Reported by @huntr_aiType

cve🔗 web.nvd.nist.gov👁 41 Views🌐 WEB

Vulnerability in parisneo/lollms software allows arbitrary code execution via unInstall_binding endpoint due to insufficient input sanitization

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 7
OSV	GHSA-PWC9-Q4HJ-PG8G LoLLMS Command Injection vulnerability	16 May 202409:33	–	osv
OSV	CVE-2024-4078	16 May 202409:15	–	osv
Vulnrichment	CVE-2024-4078 Arbitrary Code Execution in parisneo/lollms	16 May 202409:03	–	vulnrichment
Github Security Blog	LoLLMS Command Injection vulnerability	16 May 202409:33	–	github
Cvelist	CVE-2024-4078 Arbitrary Code Execution in parisneo/lollms	16 May 202409:03	–	cvelist
NVD	CVE-2024-4078	16 May 202409:15	–	nvd
Veracode	Arbitrary Code Execution	29 May 202409:12	–	veracode

Vulnrichment

Node

parisneo lollms-webuiMatch1.4.6

[
  {
    "vendor": "parisneo",
    "product": "parisneo/lollms",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "main",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
huntr	www.huntr.com/bounties/a55a8c04-df44-49b2-bcfa-2a2b728a299d
github	www.github.com/parisneo/lollms/commit/7ebe08da7e0026b155af4f7be1d6417bc64cf02f

Parameter	Position	Path	Description	CWE
name	query param	/unInstall_binding	Arbitrary code execution due to insufficient sanitization of user input in the 'name' parameter.	CWE-77

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

16 May 2024 09:15Current

9.7High risk

Vulners AI Score9.7

CVSS39.8

EPSS0.01608

SSVC

CWE-77