Lucene search

K

5 matches found

CVE
CVE
added 2025/03/20 10:15 a.m.69 views

CVE-2024-8898

A path traversal vulnerability exists in the install and uninstall API endpoints of parisneo/lollms-webui version V12 (Strawberry). This vulnerability allows attackers to create or delete directories with arbitrary paths on the system. The issue arises due to insufficient sanitization of user-suppl...

9.8CVSS6.9AI score0.0007EPSS
CVE
CVE
added 2025/03/20 10:15 a.m.64 views

CVE-2024-9920

In version v12 of parisneo/lollms-webui, the 'Send file to AL' function allows uploading files with various extensions, including potentially dangerous ones like .py, .sh, .bat, and more. Attackers can exploit this by uploading files with malicious content and then using the '/open_file' API endpoi...

8.8CVSS7.1AI score0.00572EPSS
CVE
CVE
added 2025/03/20 10:15 a.m.40 views

CVE-2024-8736

A Denial of Service (DoS) vulnerability exists in multiple file upload endpoints of parisneo/lollms-webui version V12 (Strawberry). The vulnerability can be exploited remotely via Cross-Site Request Forgery (CSRF). Despite CSRF protection preventing file uploads, the application still processes mul...

7.1CVSS7AI score0.00062EPSS
CVE
CVE
added 2025/03/20 10:15 a.m.36 views

CVE-2024-10019

A vulnerability in the start_app_server function of parisneo/lollms-webui V12 (Strawberry) allows for path traversal and OS command injection. The function does not properly sanitize the app_name parameter, enabling an attacker to upload a malicious server.py file and execute arbitrary code by expl...

6.7CVSS7.1AI score0.00051EPSS
CVE
CVE
added 2025/03/20 10:15 a.m.30 views

CVE-2024-8581

A vulnerability in the upload_app function of parisneo/lollms-webui V12 (Strawberry) allows an attacker to delete any file or directory on the system. The function does not implement user input filtering with the filename value, causing a Path Traversal error.

9.1CVSS9.1AI score0.00092EPSS