2 matches found
CVE-2024-2358 Path Traversal leading to Remote Code Execution in parisneo/lollms-webui
A path traversal vulnerability in the '/applysettings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code. The vulnerability arises due to insufficient sanitization of user-supplied input in the configuration settings, specifically within the 'extensions' parameter...
CVE-2024-2358
The CVE-2024-2358 path-traversal vulnerability affects parisneo/lollms-webui, exposed via the /apply_settings endpoint where unsanitized user input in the extensions parameter enables navigation to arbitrary directories. An attacker could craft a payload with ../../../ sequences to load and execu...