CVE-2024-2359 Improper Neutralization of Special Elements used in an OS Command in parisneo/lollms-webui
A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary code. The issue arises from the application's handling of the /executecode endpoint, which is intended to be blocked from external access by default. However,...