2 matches found
CVE-2024-3101 Privilege Escalation via Improper Input Validation in mintplex-labs/anything-llm
In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to escalate privileges by deactivating 'Multi-User Mode'. By sending a specially crafted curl request with the 'multiusermode' parameter set to false, an attacker can deactivate 'Multi-User Mode'. This acti...
CVE-2024-3101
CVE-2024-3101 affects mintplex-labs/anything-llm. The vulnerability arises from improper input validation in handling multi_user_mode, where sending a crafted request with multi_user_mode set to false can deactivate Multi-User Mode. This enables creation of a new admin user without a password, le...