Lollms Web Ui Security Vulnerabilities

CVE-2024-1520

An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the 'discussion_id' parameter. Attackers can exploit this vulnerability by injecting malicious OS commands, leading to unau...

CVE-2024-1522

A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the /execute_code API endpoint, which does not properly validate requests, enabling an attacker to craft a mali...

CVE-2024-1569

parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the /open_code_in_vs_code and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the ...

CVE-2024-1600

A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the /personalities route. An attacker can exploit this vulnerability by crafting a URL that includes directory traversal sequences (../../) followed by the desired system file path, URL e...

CVE-2024-1601

An SQL injection vulnerability exists in the delete_discussion() function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability is exploitable via a crafted HTTP POST request to the /delete_discussion endpoint, which internally ...

CVE-2024-1646

parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized ac...

CVE-2024-2288

A Cross-Site Request Forgery (CSRF) vulnerability exists in the profile picture upload functionality of the Lollms application, specifically in the parisneo/lollms-webui repository, affecting versions up to 7.3.0. This vulnerability allows attackers to change a victim's profile picture without thei...

CVE-2024-2548

A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the lollms_core/lollms/server/endpoints/lollms_binding_files_server.py and lollms_core/lollms/security.py files. Due to inadequate validation of file paths between Windows and Linux environments usin...

CVE-2024-2624

A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the @router.get("/switch_personal_path") endpoint in ./lollms-webui/lollms_core/lollms/server/endpoints/lollms_user.py. The vulnerability arises due to insufficient sanitiza...

CVE-2024-3121

A remote code execution vulnerability exists in the create_conda_env function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the env_name an...

CVE-2024-3126

A command injection vulnerability exists in the 'run_xtts_api_server' function of the parisneo/lollms-webui application, specifically within the 'lollms_xtts.py' script. The vulnerability arises due to the improper neutralization of special elements used in an OS command. The affected function util...

CVE-2024-3322

A path traversal vulnerability exists in the 'cyber_security/codeguard' native personality of the parisneo/lollms-webui, affecting versions up to 9.5. The vulnerability arises from the improper limitation of a pathname to a restricted directory in the 'process_folder' function within 'lollms-webui/...

CVE-2024-3429

A path traversal vulnerability exists in the parisneo/lollms application, specifically within the sanitize_path_from_endpoint and sanitize_path functions in lollms_core\lollms\security.py. This vulnerability allows for arbitrary file reading when the application is running on Windows. The issue ari...

CVE-2024-3435

A path traversal vulnerability exists in the 'save_settings' endpoint of the parisneo/lollms-webui application, affecting versions up to the latest release before 9.5. The vulnerability arises due to insufficient sanitization of the 'config' parameter in the 'apply_settings' function, allowing an a...

CVE-2024-4315

parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The sanitize_path_from_endpoint function fails to properly sanitize Windows-style paths (backward slash \), allowing attackers to perform directory traversal attacks on Windows sys...

CVE-2024-4326

A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. The vulnerability stems from insufficient protection of the /apply_settings and /execute_code endpoints. Attackers can bypass protections by setting the host to localhost, enabling code ex...

CVE-2024-4328

A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear personality files list, which lacks proper CSRF protection. This flaw allows attackers to trick us...

CVE-2024-4881

A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse be...

CVE-2024-5443

CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the ExtensionBuilder().build_extension() function. The vulnerability arises from the /mount_extension endpoint, where a path traversal issue allows attackers to navigate beyond the intended directory struct...

CVE-2024-6085

A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings change. Although the read file endpoint is protected against path traversals, this protection can be b...

CVE-2024-6281

A path traversal vulnerability exists in the apply_settings function of parisneo/lollms versions prior to 9.5.1. The sanitize_path function does not adequately secure the discussion_db_name parameter, allowing attackers to manipulate the path and potentially write to important system folders.