
2982 matches found

CVE
added 2024/06/06 6:22 p.m. · 65 views

CVE-2024-4320

CVE-2024-4320 describes a remote code execution via path traversal in parisneo/lollms (extensions builder). The Red Hat and related records credit a vulnerability in parisneo/lollms where ExtensionBuilder().build_extension() on the /mount_extension endpoint (and similarly described install_extens...

CVSS 9.8 · AI score 9.8 · EPSS 0.34354
Exploits 1 · References 1 · Affected Software 1

OSV
added 2024/06/06 6:15 p.m. · 2 views

CVE-2024-5482

A Server-Side Request Forgery (SSRF) vulnerability exists in the 'add_webpage' endpoint of the parisneo/lollms-webui application, affecting the latest version. The vulnerability arises because the application does not adequately validate URLs entered by users, allowing them to input arbitrary URLs,...

CVSS 9.8 · AI score 5.9 · EPSS 0.0065
Exploits 1 · References 1

NVD
added 2024/06/06 6:15 p.m. · 16 views

CVE-2024-5482

A Server-Side Request Forgery (SSRF) vulnerability exists in the 'add_webpage' endpoint of the parisneo/lollms-webui application, affecting the latest version. The vulnerability arises because the application does not adequately validate URLs entered by users, allowing them to input arbitrary URLs,...

CVSS 9.8 · EPSS 0.0065
Exploits 1 · References 1

CVE
added 2024/06/06 6:11 p.m. · 72 views

CVE-2024-2624

The connected Red Hat, NVD, OSV, and CVE records confirm a path traversal and arbitrary file upload vulnerability in parisneo/lollms-webui, affecting versions prior to 9.4 and exploitable via the /switch_personal_path endpoint in lollms_user.py. Root cause: insufficient sanitization of the path p...

CVSS 9.8 · AI score 9.5 · EPSS 0.01346
Exploits 1 · References 2 · Affected Software 1

Vulnrichment
added 2024/06/06 6:11 p.m. · 21 views

CVE-2024-2624 Path Traversal and Arbitrary File Upload Vulnerability in parisneo/lollms-webui

A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the @router.get("/switch_personal_path") endpoint in ./lollms-webui/lollms_core/lollms/server/endpoints/lollms_user.py. The vulnerability arises due to insufficient sanitization...

CVSS 9.4 · AI score 7.5 · EPSS 0.01346
Exploits 1 · References 2

Cvelist
added 2024/06/06 6:11 p.m. · 23 views

CVE-2024-2624 Path Traversal and Arbitrary File Upload Vulnerability in parisneo/lollms-webui

A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the @router.get("/switch_personal_path") endpoint in ./lollms-webui/lollms_core/lollms/server/endpoints/lollms_user.py. The vulnerability arises due to insufficient sanitization...

CVSS 9.4 · EPSS 0.01346
Exploits 1 · References 2

CVE
added 2024/06/06 6:8 p.m. · 84 views

CVE-2024-2548

CVE-2024-2548 affects parisneo/lollms-webui. A path traversal flaw exists in the modules lollms_binding_files_server.py and security.py caused by inadequate validation of Windows vs Linux paths using Path(path).is_absolute(). An attacker can trigger reading arbitrary system files via the endpoint...

CVSS 7.5 · AI score 7.4 · EPSS 0.00881
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2024/06/06 6:8 p.m. · 26 views

CVE-2024-2548 Path Traversal in parisneo/lollms-webui

A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the lollms_core/lollms/server/endpoints/lollms_binding_files_server.py and lollms_core/lollms/security.py files. Due to inadequate validation of file paths between Windows and Linux environments using...

CVSS 7.5 · EPSS 0.00881
Exploits 1 · References 2

Vulnrichment
added 2024/06/06 6:8 p.m. · 35 views

CVE-2024-2548 Path Traversal in parisneo/lollms-webui

A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the lollms_core/lollms/server/endpoints/lollms_binding_files_server.py and lollms_core/lollms/security.py files. Due to inadequate validation of file paths between Windows and Linux environments using...

CVSS 7.5 · AI score 6.8 · EPSS 0.00881
Exploits 1 · References 2

CVE
added 2024/06/06 6:8 p.m. · 61 views

CVE-2024-2362

The CVE-2024-2362 entry concerns parisneo/lollms-webui version 9.3 on Windows, with a path traversal vulnerability in the del_preset endpoint due to inadequate input sanitization. The issue permits an attacker to delete files outside the intended directory by supplying absolute or traversal path...

CVSS 9.1 · AI score 9.2 · EPSS 0.0115
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2024/06/06 6:8 p.m. · 32 views

CVE-2024-2362 Path Traversal in parisneo/lollms-webui

A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation of file paths between Windows and Linux environments, an attacker can exploit this vulnerability to delete any file on the system. The issue arises from the lack of...

CVSS 9.1 · EPSS 0.0115
Exploits 1 · References 1

Vulnrichment
added 2024/06/06 6:8 p.m. · 16 views

CVE-2024-2362 Path Traversal in parisneo/lollms-webui

A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation of file paths between Windows and Linux environments, an attacker can exploit this vulnerability to delete any file on the system. The issue arises from the lack of...

CVSS 9.1 · AI score 6.8 · EPSS 0.0115
Exploits 1 · References 1

Vulnrichment
added 2024/06/06 5:56 p.m. · 15 views

CVE-2024-5482 SSRF in add_webpage endpoint in parisneo/lollms-webui

A Server-Side Request Forgery (SSRF) vulnerability exists in the 'add_webpage' endpoint of the parisneo/lollms-webui application, affecting the latest version. The vulnerability arises because the application does not adequately validate URLs entered by users, allowing them to input arbitrary URLs,...

CVSS 7.4 · AI score 6.9 · EPSS 0.0065
Exploits 1 · References 1

Cvelist
added 2024/06/06 5:56 p.m. · 20 views

CVE-2024-5482 SSRF in add_webpage endpoint in parisneo/lollms-webui

A Server-Side Request Forgery (SSRF) vulnerability exists in the 'add_webpage' endpoint of the parisneo/lollms-webui application, affecting the latest version. The vulnerability arises because the application does not adequately validate URLs entered by users, allowing them to input arbitrary URLs,...

CVSS 7.4 · EPSS 0.0065
Exploits 1 · References 1

Positive Technologies
added 2024/06/06 12:0 a.m. · 4 views

PT-2024-19975 · Unknown · Parisneo/Lollms-Webui

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui version 9.3 Description: A path traversal vulnerability exists due to improper validation of file paths between Windows and Linux environments, allowing an attacker to delete any file on the system. The issue arises from...

CVSS 9.1 · AI score 9.3 · EPSS 0.0115
Exploits 1 · References 6

Positive Technologies
added 2024/06/06 12:0 a.m. · 5 views

PT-2024-30366 · Unknown · Parisneo/Lollms-Webui

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui affected versions not specified Description: A remote code execution (RCE) vulnerability exists in the '/install extension' endpoint of the parisneo/lollms-webui application. The vulnerability arises due to improper handli...

CVSS 9.8 · AI score 9.9 · EPSS 0.34354
Exploits 1 · References 9

Positive Technologies
added 2024/06/06 12:0 a.m. · 4 views

PT-2024-36425 · Parisneo · Lollms-Webui

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui version latest Description: A Server-Side Request Forgery (SSRF) vulnerability exists in the "add webpage" endpoint, allowing attackers to input arbitrary URLs, including those targeting internal resources such as localhos...

CVSS 9.8 · AI score 7.6 · EPSS 0.0065
Exploits 1 · References 4

Positive Technologies
added 2024/06/06 12:0 a.m. · 6 views

PT-2024-21311 · Parisneo · Lollms-Webui

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui versions prior to 9.4 Description: A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the /switch personal path endpoint in ./lollms-webui/lollms...

CVSS 9.8 · AI score 9.4 · EPSS 0.01346
Exploits 1 · References 7

Positive Technologies
added 2024/06/06 12:0 a.m. · 6 views

PT-2024-25156 · Parisneo · Lollms-Webui

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui versions up to 9.5 Description: A path traversal vulnerability exists in the 'cyber security/codeguard' native personality, arising from the improper limitation of a pathname to a restricted directory in the 'process...

CVSS 9.8 · AI score 8 · EPSS 0.00726
Exploits 1 · References 7

Positive Technologies
added 2024/06/06 12:0 a.m. · 6 views

PT-2024-20964 · Parisneo · Lollms-Webui

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui versions prior to 9.5 Description: A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the lollms core/lollms/server/endpoints/lollms binding files server.py and lollms...

CVSS 7.5 · AI score 7.6 · EPSS 0.00881
Exploits 1 · References 6