3 matches found
CVE-2024-12766
parisneo/lollms-webui version V13 feather suffers from a Server-Side Request Forgery SSRF vulnerability in the POST /api/proxy REST API. Attackers can exploit this vulnerability to abuse the victim server's credentials to access unauthorized web resources by specifying the JSON parameter...
CVE-2024-9919
A missing authentication check in the uninstall endpoint of parisneo/lollms-webui V13 allows attackers to perform unauthorized directory deletions. The /uninstall/appname API endpoint does not call the checkaccess function to verify the clientid, enabling attackers to delete directories without...
CVE-2024-12766
parisneo/lollms-webui version V13 feather suffers from a Server-Side Request Forgery SSRF vulnerability in the POST /api/proxy REST API. Attackers can exploit this vulnerability to abuse the victim server's credentials to access unauthorized web resources by specifying the JSON parameter...