2 matches found
CVE-2024-9919 Missing Authentication Check in parisneo/lollms-webui
A missing authentication check in the uninstall endpoint of parisneo/lollms-webui V13 allows attackers to perform unauthorized directory deletions. The /uninstall/appname API endpoint does not call the checkaccess function to verify the clientid, enabling attackers to delete directories without...
CVE-2024-9919
The CVE-2024-9919 issue affects parisneo/lollms-webui version 13, specifically the uninstall endpoint. A missing authentication check in /uninstall/{app_name} means the server does not call check_access() to verify client_id, allowing unauthorized directory deletions. The vulnerability is describ...