5 matches found
CVE-2024-9920
In version v12 of parisneo/lollms-webui, the 'Send file to AL' function allows uploading files with various extensions, including potentially dangerous ones like .py, .sh, .bat, and more. Attackers can exploit this by uploading files with malicious content and then using the '/openfile' API...
CVE-2024-9920
In version v12 of parisneo/lollms-webui, the 'Send file to AL' function allows uploading files with various extensions, including potentially dangerous ones like .py, .sh, .bat, and more. Attackers can exploit this by uploading files with malicious content and then using the '/openfile' API...
CVE-2024-9920 Unrestricted File Upload and Execution in parisneo/lollms-webui
In version v12 of parisneo/lollms-webui, the 'Send file to AL' function allows uploading files with various extensions, including potentially dangerous ones like .py, .sh, .bat, and more. Attackers can exploit this by uploading files with malicious content and then using the '/openfile' API...
CVE-2024-9920 Unrestricted File Upload and Execution in parisneo/lollms-webui
In version v12 of parisneo/lollms-webui, the 'Send file to AL' function allows uploading files with various extensions, including potentially dangerous ones like .py, .sh, .bat, and more. Attackers can exploit this by uploading files with malicious content and then using the '/openfile' API...
CVE-2024-9920
CVE-2024-9920 affects parisneo/lollms-webui (v12). The vulnerability occurs in the “Send file to AL” feature, which accepts file uploads with extensions such as .py/.sh/.bat and then can execute them via the /open_file endpoint. Root cause: files are opened with subprocess.Popen without proper va...