CVE-2024-1601 SQL Injection in parisneo/lollms-webui

An SQL injection vulnerability exists in the deletediscussion function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability is exploitable via a crafted HTTP POST request to the /deletediscussion endpoint, which internally...

LoLLMs SQL注入漏洞

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. LoLLMs suffers from a SQL injection vulnerability that stems from improper neutralization of special elements used in SQL commands, which allows an attacker to send a carefully crafted HTTP POS...