3 matches found
CVE-2024-8581
A vulnerability in the uploadapp function of parisneo/lollms-webui V12 Strawberry allows an attacker to delete any file or directory on the system. The function does not implement user input filtering with the filename value, causing a Path Traversal error...
CVE-2024-8581
A vulnerability in the uploadapp function of parisneo/lollms-webui V12 Strawberry allows an attacker to delete any file or directory on the system. The function does not implement user input filtering with the filename value, causing a Path Traversal error...
CVE-2024-10019 Path Traversal and OS Command Injection in parisneo/lollms-webui
A vulnerability in the startappserver function of parisneo/lollms-webui V12 Strawberry allows for path traversal and OS command injection. The function does not properly sanitize the appname parameter, enabling an attacker to upload a malicious server.py file and execute arbitrary code by...