PT-2024-23297 · Mintplex · Anything-Llm
Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm (affected versions not specified). Description: The issue is related to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this by...
CVE-2024-0798 Privilege Escalation in mintplex-labs/anything-llm
A privilege escalation vulnerability exists in mintplex-labs/anything-llm, allowing users with 'default' role to delete documents uploaded by 'admin'. Despite the intended restriction that prevents 'default' role users from deleting admin-uploaded documents, an attacker can exploit this...
CVE-2023-5832
Improper Input Validation in GitHub repository mintplex-labs/anything-llm prior to 0.1.0...
CVE-2023-5833
Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0...
Improper access control
Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0...
CVE-2023-5833 Improper Access Control in mintplex-labs/anything-llm
Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0...
CVE-2023-5833
The connected Huntr document provides concrete details for CVE-2023-5833: an improper access control flaw in mintplex-labs/anything-llm prior to 0.1.0 that allows overwriting backend environment variables via the /api/system/update-env endpoint. The vulnerability arises from how KEY_MAPPING expos...
CVE-2023-5832
CVE-2023-5832 affects mintplex-labs/anything-llm prior to 0.1.0. Root cause: improper input validation in the HTTP API that handles a filename parameter, enabling path traversal and, in some reports, arbitrary file deletion (PoC shows deletion of files like ../../server/storage/anythingllm.db). I...
PT-2023-32365 · Unknown · Anything-Llm
Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm versions prior to 0.1.0. Description: The issue is related to improper access control in the GitHub repository mintplex-labs/anything-llm. Recommendations: For versions prior to 0.1.0, update to version 0.1.0 or late...
CVE-2023-4899
SQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1...
CVE-2023-4898
Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1...
CVE-2023-4899 SQL Injection in mintplex-labs/anything-llm
SQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1...
CVE-2023-4899
The CVE-2023-4899 entry concerns a SQL Injection vulnerability in mintplex-labs/anything-llm (versions prior to 0.0.1). The Red Hat/NVD/NVD-derived entries align on the vulnerability class, with the Huntr PoC detailing a concrete flaw in the /api/workspace/:slug endpoint where the slug parameter ...
CVE-2023-4898 Authentication Bypass by Primary Weakness in mintplex-labs/anything-llm
Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1...
CVE-2023-4897 Relative Path Traversal in mintplex-labs/anything-llm
Relative Path Traversal in GitHub repository mintplex-labs/anything-llm prior to 0.0.1...