CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6959 – Denial of Service (DOS) in multipart boundary while uploading file in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-6959
13 Oct 2024 — A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DOS) attack when uploading an audio file. If an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering lollms-webui inaccessible. This issue is exacerbated by the lack of Cross-Site Request Forgery (CSRF) protection, enabling remote exploitation. The vulnerability leads to service disruption, resource exhaustion, and extended downtime.... • https://huntr.com/bounties/6394d32e-f35c-418a-95b8-e7254ed0bc8e • CWE-352: Cross-Site Request Forgery (CSRF) CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5933 – Cross-site Scripting (XSS) in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-5933
27 Jun 2024 — A Cross-site Scripting (XSS) vulnerability exists in the chat functionality of parisneo/lollms-webui in the latest version. This vulnerability allows an attacker to inject malicious scripts via chat messages, which are then executed in the context of the user's browser. • https://huntr.com/bounties/51a2e370-3b64-45cd-9afc-0e4856ab5517 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-4499 – CSRF Vulnerability in parisneo/lollms XTTS Server
https://notcve.org/view.php?id=CVE-2024-4499
24 Jun 2024 — A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax CORS policy. The vulnerability allows attackers to perform unauthorized actions by tricking a user into visiting a malicious webpage, which can then trigger arbitrary LoLLMS-XTTS API requests. This issue can lead to the reading and writing of audio files and, when combined with other vulnerabilities, could allow for the reading of arbitrary files on the system and writing files outside the... • https://huntr.com/bounties/336cd0eb-eb47-450d-9b2c-9332f69af65a • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-2359 – Improper Neutralization of Special Elements used in an OS Command in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-2359
06 Jun 2024 — A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary code. The issue arises from the application's handling of the `/execute_code` endpoint, which is intended to be blocked from external access by default. However, attackers can exploit the `/update_setting` endpoint, which lacks proper access control, to modify the `host` configuration at runtime. By changing the `host` setting to an attacker-controlled value, the restriction... • https://huntr.com/bounties/62144831-8d4b-4cf2-9737-5e559f7bc67e • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-2360 – Path Traversal leading to Remote Code Execution in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-2360
06 Jun 2024 — parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code execution due to insufficient sanitization of user-supplied input in the 'Database path' and 'PDF LaTeX path' settings. An attacker can exploit this vulnerability by manipulating these settings to execute arbitrary code on the targeted server. The issue affects the latest version of the software. The vulnerability stems from the application's handling of the 'discussion_db_name' and 'pdf_latex_path' parameters, which ... • https://huntr.com/bounties/65d0ef59-a761-4bbd-86fa-dd8e8621082e • CWE-29: Path Traversal: '\..\filename' •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-3429 – Path Traversal in parisneo/lollms
https://notcve.org/view.php?id=CVE-2024-3429
06 Jun 2024 — A path traversal vulnerability exists in the parisneo/lollms application, specifically within the `sanitize_path_from_endpoint` and `sanitize_path` functions in `lollms_core\lollms\security.py`. This vulnerability allows for arbitrary file reading when the application is running on Windows. The issue arises due to insufficient sanitization of user-supplied input, enabling attackers to bypass the path traversal protection mechanisms by crafting malicious input. Successful exploitation could lead to unauthori... • https://github.com/parisneo/lollms/commit/f4424cfc3d6dfb3ad5ac17dd46801efe784933e9 • CWE-29: Path Traversal: '\..\filename' •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-3322 – Path Traversal in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-3322
06 Jun 2024 — A path traversal vulnerability exists in the 'cyber_security/codeguard' native personality of the parisneo/lollms-webui, affecting versions up to 9.5. The vulnerability arises from the improper limitation of a pathname to a restricted directory in the 'process_folder' function within 'lollms-webui/zoos/personalities_zoo/cyber_security/codeguard/scripts/processor.py'. Specifically, the function fails to properly sanitize user-supplied input for the 'code_folder_path', allowing an attacker to specify arbitrar... • https://github.com/parisneo/lollms-webui/commit/1e17df01e01d4d33599db2afaafe91d90b6f0189 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-2548 – Path Traversal in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-2548
06 Jun 2024 — A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `lollms_core/lollms/server/endpoints/lollms_binding_files_server.py` and `lollms_core/lollms/security.py` files. Due to inadequate validation of file paths between Windows and Linux environments using `Path(path).is_absolute()`, attackers can exploit this flaw to read any file on the system. This issue affects the latest version of LoLLMs running on the Windows platform. The vulnerability is triggered whe... • https://github.com/parisneo/lollms-webui/commit/49b0332e98d42dd5204dda53dee410b160106265 • CWE-36: Absolute Path Traversal •
CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-2362 – Path Traversal in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-2362
06 Jun 2024 — A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation of file paths between Windows and Linux environments, an attacker can exploit this vulnerability to delete any file on the system. The issue arises from the lack of adequate sanitization of user-supplied input in the 'del_preset' endpoint, where the application fails to prevent the use of absolute paths or directory traversal sequences ('..'). As a result, an attacker can send a... • https://huntr.com/bounties/2433d0a4-9ba0-474b-be1a-6fd5019770ba • CWE-36: Absolute Path Traversal •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5482 – SSRF in add_webpage endpoint in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-5482
06 Jun 2024 — A Server-Side Request Forgery (SSRF) vulnerability exists in the 'add_webpage' endpoint of the parisneo/lollms-webui application, affecting the latest version. The vulnerability arises because the application does not adequately validate URLs entered by users, allowing them to input arbitrary URLs, including those that target internal resources such as 'localhost' or '127.0.0.1'. This flaw enables attackers to make unauthorized requests to internal or external systems, potentially leading to access to sensi... • https://huntr.com/bounties/d97e23e7-172f-4862-a732-86bfc0b7860e • CWE-918: Server-Side Request Forgery (SSRF) •