
2982 matches found

OSV
added 2024/06/06 7:16 p.m. | 12 views

CVE-2024-3322

A path traversal vulnerability exists in the 'cybersecurity/codeguard' native personality of the parisneo/lollms-webui, affecting versions up to 9.5. The vulnerability arises from the improper limitation of a pathname to a restricted directory in the 'processfolder' function within...

CVSS 9.8 | AI score 6.4
Exploits: 0 | References: 2

NVD
added 2024/06/06 7:15 p.m. | 29 views

CVE-2024-2548

A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the lollmscore/lollms/server/endpoints/lollmsbindingfilesserver.py and lollmscore/lollms/security.py files. Due to inadequate validation of file paths between Windows and Linux environments using...

CVSS 7.5 | EPSS 0.00881
Exploits: 1 | References: 2

OSV
added 2024/06/06 7:15 p.m. | 20 views

CVE-2024-2548

A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the lollmscore/lollms/server/endpoints/lollmsbindingfilesserver.py and lollmscore/lollms/security.py files. Due to inadequate validation of file paths between Windows and Linux environments using...

CVSS 7.5 | AI score 6.8
Exploits: 0 | References: 2

OSV
added 2024/06/06 7:15 p.m. | 6 views

CVE-2024-2362

A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation of file paths between Windows and Linux environments, an attacker can exploit this vulnerability to delete any file on the system. The issue arises from the lack of...

CVSS 9.1 | AI score 6.8
Exploits: 0 | References: 1

NVD
added 2024/06/06 7:15 p.m. | 18 views

CVE-2024-2359

A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary code. The issue arises from the application's handling of the /executecode endpoint, which is intended to be blocked from external access by default. However,...

CVSS 9.8 | EPSS 0.01219
Exploits: 1 | References: 1

NVD
added 2024/06/06 7:15 p.m. | 13 views

CVE-2024-2362

A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation of file paths between Windows and Linux environments, an attacker can exploit this vulnerability to delete any file on the system. The issue arises from the lack of...

CVSS 9.1 | EPSS 0.0115
Exploits: 1 | References: 1

NVD
added 2024/06/06 7:15 p.m. | 17 views

CVE-2024-2360

parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code execution due to insufficient sanitization of user-supplied input in the 'Database path' and 'PDF LaTeX path' settings. An attacker can exploit this vulnerability by manipulating these settings to execute...

CVSS 9.8 | EPSS 0.01869
Exploits: 1 | References: 1

Vulnrichment
added 2024/06/06 6:55 p.m. | 14 views

CVE-2024-2359 Improper Neutralization of Special Elements used in an OS Command in parisneo/lollms-webui

A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary code. The issue arises from the application's handling of the /executecode endpoint, which is intended to be blocked from external access by default. However,...

CVSS 9.8 | AI score 8.3 | EPSS 0.01219
Exploits: 1 | References: 1

Cvelist
added 2024/06/06 6:55 p.m. | 27 views

CVE-2024-2359 Improper Neutralization of Special Elements used in an OS Command in parisneo/lollms-webui

A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary code. The issue arises from the application's handling of the /executecode endpoint, which is intended to be blocked from external access by default. However,...

CVSS 9.8 | EPSS 0.01219
Exploits: 1 | References: 1

CVE
added 2024/06/06 6:55 p.m. | 61 views

CVE-2024-2360

CVE-2024-2360 affects parisneo/lollms-webui. The vulnerability is a path traversal flaw due to insufficient sanitization of user-supplied input in the settings for the Database path and PDF LaTeX path, allowing an attacker to traverse directories and potentially execute arbitrary code on the tar...

CVSS 9.8 | AI score 9.8 | EPSS 0.01869
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/06/06 6:55 p.m. | 19 views

CVE-2024-2360 Path Traversal leading to Remote Code Execution in parisneo/lollms-webui

parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code execution due to insufficient sanitization of user-supplied input in the 'Database path' and 'PDF LaTeX path' settings. An attacker can exploit this vulnerability by manipulating these settings to execute...

CVSS 9.8 | AI score 8.2 | EPSS 0.01869
Exploits: 1 | References: 1

Cvelist
added 2024/06/06 6:55 p.m. | 26 views

CVE-2024-2360 Path Traversal leading to Remote Code Execution in parisneo/lollms-webui

parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code execution due to insufficient sanitization of user-supplied input in the 'Database path' and 'PDF LaTeX path' settings. An attacker can exploit this vulnerability by manipulating these settings to execute...

CVSS 9.8 | EPSS 0.01869
Exploits: 1 | References: 1

Cvelist
added 2024/06/06 6:40 p.m. | 23 views

CVE-2024-3322 Path Traversal in parisneo/lollms-webui

A path traversal vulnerability exists in the 'cybersecurity/codeguard' native personality of the parisneo/lollms-webui, affecting versions up to 9.5. The vulnerability arises from the improper limitation of a pathname to a restricted directory in the 'processfolder' function within...

CVSS 8.4 | EPSS 0.00726
Exploits: 1 | References: 2

Vulnrichment
added 2024/06/06 6:40 p.m. | 13 views

CVE-2024-3322 Path Traversal in parisneo/lollms-webui

A path traversal vulnerability exists in the 'cybersecurity/codeguard' native personality of the parisneo/lollms-webui, affecting versions up to 9.5. The vulnerability arises from the improper limitation of a pathname to a restricted directory in the 'processfolder' function within...

CVSS 8.4 | AI score 6.4 | EPSS 0.00726
Exploits: 1 | References: 2

Cvelist
added 2024/06/06 6:40 p.m. | 21 views

CVE-2024-1873 Path Traversal and Denial of Service in parisneo/lollms-webui

parisneo/lollms-webui is vulnerable to path traversal and denial of service attacks due to an exposed /selectdatabase endpoint in version a9d16b0. The endpoint improperly handles file paths, allowing attackers to specify absolute paths when interacting with the DiscussionsDB instance. This flaw...

CVSS 8.2 | EPSS 0.13389
Exploits: 0 | References: 2

Vulnrichment
added 2024/06/06 6:40 p.m. | 18 views

CVE-2024-1873 Path Traversal and Denial of Service in parisneo/lollms-webui

parisneo/lollms-webui is vulnerable to path traversal and denial of service attacks due to an exposed /selectdatabase endpoint in version a9d16b0. The endpoint improperly handles file paths, allowing attackers to specify absolute paths when interacting with the DiscussionsDB instance. This flaw...

CVSS 8.2 | AI score 6.8 | EPSS 0.13389
Exploits: 0 | References: 1

CVE
added 2024/06/06 6:24 p.m. | 56 views

CVE-2024-2288

CVE-2024-2288 – CSRF in Lollms WebUI profile picture upload affects parisneo/lollms-webui up to version 7.3.0. The vulnerability enables changing a user’s profile picture without consent and can lead to denial of service by filesystem flooding, with potential stored XSS in the victim’s browser se...

CVSS 8.3 | AI score 8 | EPSS 0.00258
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/06/06 6:24 p.m. | 17 views

CVE-2024-2288 CSRF File Upload Vulnerability in parisneo/lollms-webui

A Cross-Site Request Forgery (CSRF) vulnerability exists in the profile picture upload functionality of the Lollms application, specifically in the parisneo/lollms-webui repository, affecting versions up to 7.3.0. This vulnerability allows attackers to change a victim's profile picture without thei...

CVSS 8.3 | AI score 6.4 | EPSS 0.00258
Exploits: 1 | References: 2

Cvelist
added 2024/06/06 6:22 p.m. | 34 views

CVE-2024-4320 Remote Code Execution due to LFI in '/install_extension' in parisneo/lollms-webui

A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the parisneo/lollms-webui application, specifically within the @router.post("/install_extension") route handler. The vulnerability arises due to improper handling of the name parameter in the...

CVSS 9.8 | EPSS 0.34354
Exploits: 1 | References: 1

Vulnrichment
added 2024/06/06 6:22 p.m. | 18 views

CVE-2024-4320 Remote Code Execution due to LFI in '/install_extension' in parisneo/lollms-webui

A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the parisneo/lollms-webui application, specifically within the @router.post("/install_extension") route handler. The vulnerability arises due to improper handling of the name parameter in the...

CVSS 9.8 | AI score 8.2 | EPSS 0.34354
Exploits: 1 | References: 1