Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/03/22 12:59 p.m.14 views

CVE-2024-9920

In version v12 of parisneo/lollms-webui, the 'Send file to AL' function allows uploading files with various extensions, including potentially dangerous ones like .py, .sh, .bat, and more. Attackers can exploit this by uploading files with malicious content and then using the '/openfile' API...

8.8CVSS7.8AI score0.01247EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.17 views

CVE-2024-9920

In version v12 of parisneo/lollms-webui, the 'Send file to AL' function allows uploading files with various extensions, including potentially dangerous ones like .py, .sh, .bat, and more. Attackers can exploit this by uploading files with malicious content and then using the '/openfile' API...

8.8CVSS0.01247EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:10 a.m.8 views

CVE-2024-9920 Unrestricted File Upload and Execution in parisneo/lollms-webui

In version v12 of parisneo/lollms-webui, the 'Send file to AL' function allows uploading files with various extensions, including potentially dangerous ones like .py, .sh, .bat, and more. Attackers can exploit this by uploading files with malicious content and then using the '/openfile' API...

6.6CVSS7.1AI score0.01247EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.17 views

CVE-2024-9920 Unrestricted File Upload and Execution in parisneo/lollms-webui

In version v12 of parisneo/lollms-webui, the 'Send file to AL' function allows uploading files with various extensions, including potentially dangerous ones like .py, .sh, .bat, and more. Attackers can exploit this by uploading files with malicious content and then using the '/openfile' API...

6.6CVSS0.01247EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:10 a.m.81 views

CVE-2024-9920

CVE-2024-9920 affects parisneo/lollms-webui (v12). The vulnerability occurs in the “Send file to AL” feature, which accepts file uploads with extensions such as .py/.sh/.bat and then can execute them via the /open_file endpoint. Root cause: files are opened with subprocess.Popen without proper va...

8.8CVSS7.1AI score0.01247EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder