Lucene search
+L

4 matches found

NVD
NVD
added 2025/03/20 10:15 a.m.6 views

CVE-2024-10019

A vulnerability in the startappserver function of parisneo/lollms-webui V12 Strawberry allows for path traversal and OS command injection. The function does not properly sanitize the appname parameter, enabling an attacker to upload a malicious server.py file and execute arbitrary code by...

6.7CVSS0.00796EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.8 views

CVE-2024-10019 Path Traversal and OS Command Injection in parisneo/lollms-webui

A vulnerability in the startappserver function of parisneo/lollms-webui V12 Strawberry allows for path traversal and OS command injection. The function does not properly sanitize the appname parameter, enabling an attacker to upload a malicious server.py file and execute arbitrary code by...

6.3CVSS7.1AI score0.00796EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.16 views

CVE-2024-10019 Path Traversal and OS Command Injection in parisneo/lollms-webui

A vulnerability in the startappserver function of parisneo/lollms-webui V12 Strawberry allows for path traversal and OS command injection. The function does not properly sanitize the appname parameter, enabling an attacker to upload a malicious server.py file and execute arbitrary code by...

6.3CVSS0.00796EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:10 a.m.47 views

CVE-2024-10019

The CVE-2024-10019 entry concerns parisneo/lollms-webui V12 (Strawberry), where the start_app_server function does not sanitize the app_name parameter, enabling path traversal and OS command injection. This can allow an attacker to upload a malicious server.py and run arbitrary code. Connected so...

6.7CVSS7.1AI score0.00796EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder