LoLLMs WEBUI 安全漏洞

LoLLMs WEBUI is a large-scale model web user interface developed by Saifeddine ALOUI, which supports integration of multiple models and modalities. LoLLMs WEBUI has a security vulnerability; this vulnerability stems from the name parameter in the /reinstallextension endpoint containing local file...

CVE-2024-9919

The CVE-2024-9919 issue affects parisneo/lollms-webui version 13, specifically the uninstall endpoint. A missing authentication check in /uninstall/{app_name} means the server does not call check_access() to verify client_id, allowing unauthorized directory deletions. The vulnerability is describ...

LoLLMs Web UI 安全漏洞

LoLLMs Web UI is a web user interface for large languages and multimodal systems by Saifeddine ALOUI Individual Developer. A security vulnerability exists in LoLLMs Web UI version V13, which stems from a lack of authentication checks in the offload endpoint and could lead to unauthorized director...

LoLLMs Web UI 安全漏洞

LoLLMs Web UI is a web user interface for large languages and multimodal systems by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs Web UI version V12, which stems from the startappserver function not properly cleaning up the appname parameter, which could lea...

LoLLMs Web UI 代码注入漏洞

LoLLMs Web UI is a web user interface for large languages and multimodal systems by the individual developer Saifeddine ALOUI. A code injection vulnerability exists in LoLLMs Web UI version V12, which stems from the uploadapp function not filtering user input, which could result in a path travers...

LoLLMs Web UI 代码问题漏洞

LoLLMs Web UI is a web user interface for large languages and multimodal systems by Saifeddine ALOUI Individual Developer. A code issue vulnerability exists in LoLLMs Web UI version v12, which stems from the Send file to AL feature that allows uploading of dangerous files, which could lead to...

LoLLMs Web UI 安全漏洞

LoLLMs Web UI is a web user interface for large languages and multimodal systems by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs Web UI v9.9 to the latest version, which stems from a directory listing vulnerability that allows an attacker to list arbitrary...

LoLLMs Web UI 安全漏洞

LoLLMs Web UI is a web user interface for large languages and multimodal systems by Saifeddine ALOUI Individual Developer. A security vulnerability exists in LoLLMs Web UI version V13, which originates from an unauthenticated URL and could lead to a server-side request forgery attack...

LoLLMs Web UI 安全漏洞

LoLLMs Web UI is a web user interface for large languages and multimodal systems by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs Web UI version V12, which stems from multiple file upload endpoints that do not properly handle CSRF protection, potentially...

LoLLMs Security Vulnerabilities

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs that stems from mishandling of user-supplied input in the listpersonalities function, allowing an attacker to traverse the directory structure and list...

lollms-webui 操作系统命令注入漏洞

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. An operating system command injection vulnerability exists in lollms-webui that stems from incorrect validation of user-supplied input...