GHSA-MVRM-FH8Q-6WR2 Remote Code Execution via path traversal bypass in lollms

CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the ExtensionBuilder.buildextension function. The vulnerability arises from the /mountextension endpoint, where a path traversal issue allows attackers to navigate beyond the intended directory structure...

Remote Code Execution via path traversal bypass in lollms

CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the ExtensionBuilder.buildextension function. The vulnerability arises from the /mountextension endpoint, where a path traversal issue allows attackers to navigate beyond the intended directory structure...

CVE-2024-5443

CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the ExtensionBuilder.buildextension function. The vulnerability arises from the /mountextension endpoint, where a path traversal issue allows attackers to navigate beyond the intended directory structure...

CVE-2024-5443

CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the ExtensionBuilder.buildextension function. The vulnerability arises from the /mountextension endpoint, where a path traversal issue allows attackers to navigate beyond the intended directory structure...

CVE-2024-5443

CVE-2024-5443 describes a path traversal flaw in parisneo/lollms related to the ExtensionBuilder().build_extension() workflow. The issue, exploited via the /mount_extension endpoint, arises because data.category and data.folder can be empty strings, enabling construction of a package_path that ca...

CVE-2024-5443 Remote Code Execution via Path Traversal in parisneo/lollms

CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the ExtensionBuilder.buildextension function. The vulnerability arises from the /mountextension endpoint, where a path traversal issue allows attackers to navigate beyond the intended directory structure...

CVE-2024-4320 Remote Code Execution due to LFI in '/install_extension' in parisneo/lollms-webui

A remote code execution RCE vulnerability exists in the '/installextension' endpoint of the parisneo/lollms-webui application, specifically within the @router.post"/installextension" route handler. The vulnerability arises due to improper handling of the name parameter in the...

CVE-2024-4320 Remote Code Execution due to LFI in '/install_extension' in parisneo/lollms-webui

A remote code execution RCE vulnerability exists in the '/installextension' endpoint of the parisneo/lollms-webui application, specifically within the @router.post"/installextension" route handler. The vulnerability arises due to improper handling of the name parameter in the...