4 matches found
CVE-2024-10019
A vulnerability in the startappserver function of parisneo/lollms-webui V12 Strawberry allows for path traversal and OS command injection. The function does not properly sanitize the appname parameter, enabling an attacker to upload a malicious server.py file and execute arbitrary code by...
CVE-2024-10019 Path Traversal and OS Command Injection in parisneo/lollms-webui
A vulnerability in the startappserver function of parisneo/lollms-webui V12 Strawberry allows for path traversal and OS command injection. The function does not properly sanitize the appname parameter, enabling an attacker to upload a malicious server.py file and execute arbitrary code by...
CVE-2024-10019 Path Traversal and OS Command Injection in parisneo/lollms-webui
A vulnerability in the startappserver function of parisneo/lollms-webui V12 Strawberry allows for path traversal and OS command injection. The function does not properly sanitize the appname parameter, enabling an attacker to upload a malicious server.py file and execute arbitrary code by...
CVE-2024-10019
The CVE-2024-10019 entry concerns parisneo/lollms-webui V12 (Strawberry), where the start_app_server function does not sanitize the app_name parameter, enabling path traversal and OS command injection. This can allow an attacker to upload a malicious server.py and run arbitrary code. Connected so...