CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3435 – Path Traversal in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-3435
16 May 2024 — A path traversal vulnerability exists in the 'save_settings' endpoint of the parisneo/lollms-webui application, affecting versions up to the latest release before 9.5. The vulnerability arises due to insufficient sanitization of the 'config' parameter in the 'apply_settings' function, allowing an attacker to manipulate the application's configuration by sending specially crafted JSON payloads. This could lead to remote code execution (RCE) by bypassing existing patches designed to mitigate such vulnerabilit... • https://github.com/ymuraki-csc/cve-2024-3435 • CWE-29: Path Traversal: '\..\filename' •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4326 – Remote Code Execution via `/apply_settings` and `/execute_code` in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-4326
16 May 2024 — A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. The vulnerability stems from insufficient protection of the `/apply_settings` and `/execute_code` endpoints. Attackers can bypass protections by setting the host to localhost, enabling code execution, and disabling code validation through the `/apply_settings` endpoint. Subsequently, arbitrary commands can be executed remotely via the `/execute_code` endpoint, exploiting the delay in settings enfor... • https://github.com/parisneo/lollms-webui/commit/abb4c6d495a95a3ef5b114ffc57f85cd650b905e • CWE-15: External Control of System or Configuration Setting •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2358 – Path Traversal leading to Remote Code Execution in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-2358
16 May 2024 — A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code. The vulnerability arises due to insufficient sanitization of user-supplied input in the configuration settings, specifically within the 'extensions' parameter. Attackers can exploit this by crafting a payload that includes relative path traversal sequences ('../../../'), enabling them to navigate to arbitrary directories. This flaw subsequently allows the server to load and e... • https://huntr.com/bounties/b2771df3-be50-45bd-93c4-0974ce38bc22 • CWE-29: Path Traversal: '\..\filename' •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1569 – Uncontrolled Resource Consumption in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-1569
16 Apr 2024 — parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the `/open_code_in_vs_code` and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the default folder opener (e.g., File Explorer, xdg-open) multiple times. This can render the host machine unusable by exhausting system resources. The vulnerability is present in the latest version of the software.... • https://github.com/parisneo/lollms-webui/commit/354cf766835396b7fc0d5105ed3b77572a653149 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1601 – SQL Injection in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-1601
16 Apr 2024 — An SQL injection vulnerability exists in the `delete_discussion()` function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability is exploitable via a crafted HTTP POST request to the `/delete_discussion` endpoint, which internally calls the vulnerable `delete_discussion()` function. By sending a specially crafted payload in the 'id' parameter, an attacker can manipulate SQL queries to delete all records from the 'discussion' and 'messag... • https://github.com/parisneo/lollms-webui/commit/f0bc8f2babdfd4770a5adbf3b60ec612e4f1db46 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1646 – Authentication Bypass in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-1646
16 Apr 2024 — parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized access to endpoints such as '/restart_program', '/update_software', '/check_update', '/start_recording', and '/stop_recording'. This vulnerability can lead to denial of service, unauthorized disabling or overriding ... • https://github.com/parisneo/lollms-webui/commit/02e829b5653a1aa5dbbe9413ec84f96caa1274e8 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1602 – Stored XSS leading to RCE in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-1602
10 Apr 2024 — parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XSS) that leads to Remote Code Execution (RCE). The vulnerability arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaScript code. This code can be executed within the user's browser context, enabling the attacker to send a request to the `/execute_code` endpoint and establish a reverse shell to the attacker's host. The issue affects various components of the application, i... • https://huntr.com/bounties/59be0d5a-f18e-4418-8f29-72320269a097 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1520 – OS Command Injection in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-1520
10 Apr 2024 — An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the 'discussion_id' parameter. Attackers can exploit this vulnerability by injecting malicious OS commands, leading to unauthorized command execution on the underlying operating system. This could result in unauthorized access, data leakage, or complete system compromise. • https://github.com/parisneo/lollms-webui/commit/2497d1a4fe5a09f003bf7a9bc426139e9295a934 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1511 – Path Traversal Vulnerability in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-1511
10 Apr 2024 — The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary files on the server by exploiting various endpoints. The vulnerability can be exploited even when the service is bound to localhost, through cross-site requests facilitated by malicious HTML/JS pages. • https://huntr.com/bounties/62b77589-772d-4d6e-aef4-2aec4cfe5f8b • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1600 – Local File Inclusion in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-1600
10 Apr 2024 — A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the `/personalities` route. An attacker can exploit this vulnerability by crafting a URL that includes directory traversal sequences (`../../`) followed by the desired system file path, URL encoded. Successful exploitation allows the attacker to read any file on the filesystem accessible by the web server. This issue arises due to improper control of filename for include/require statement in the a... • https://github.com/parisneo/lollms-webui/commit/49b0332e98d42dd5204dda53dee410b160106265 • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •