Vulnerabilites related to parisneo - lollms-webui
CVE-2024-4403 (GCVE-0-2024-4403)
Vulnerability from cvelistv5
Published
2024-06-10 14:43
Modified
2024-08-01 20:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted CSRF forms. This issue affects the installation process, including the installation of Binding zoo and Models zoo, by unexpectedly resetting programs. The vulnerability is due to the lack of CSRF protection in the affected function.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| parisneo | parisneo/lollms-webui |
Version: unspecified < |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:parisneo:lollms-webui:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lollms-webui",
"vendor": "parisneo",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4403",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T14:17:09.934179Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T17:41:16.625Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:40:47.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.com/bounties/c9dd6d2f-d83a-488b-9443-d4200c010851"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "parisneo/lollms-webui",
"vendor": "parisneo",
"versions": [
{
"lessThanOrEqual": "latest",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted CSRF forms. This issue affects the installation process, including the installation of Binding zoo and Models zoo, by unexpectedly resetting programs. The vulnerability is due to the lack of CSRF protection in the affected function."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T14:43:21.623Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/c9dd6d2f-d83a-488b-9443-d4200c010851"
}
],
"source": {
"advisory": "c9dd6d2f-d83a-488b-9443-d4200c010851",
"discovery": "EXTERNAL"
},
"title": "CSRF in restart_program in parisneo/lollms-webui"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-4403",
"datePublished": "2024-06-10T14:43:21.623Z",
"dateReserved": "2024-05-01T21:34:39.918Z",
"dateUpdated": "2024-08-01T20:40:47.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4267 (GCVE-0-2024-4267)
Vulnerability from cvelistv5
Published
2024-05-22 19:29
Modified
2024-08-01 20:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Summary
A remote code execution (RCE) vulnerability exists in the parisneo/lollms-webui, specifically within the 'open_file' module, version 9.5. The vulnerability arises due to improper neutralization of special elements used in a command within the 'open_file' function. An attacker can exploit this vulnerability by crafting a malicious file path that, when processed by the 'open_file' function, executes arbitrary system commands or reads sensitive file content. This issue is present in the code where subprocess.Popen is used unsafely to open files based on user-supplied paths without adequate validation, leading to potential command injection.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| parisneo | parisneo/lollms-webui |
Version: unspecified < |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:parisneo:lollms-webui:9.5:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "lollms-webui",
"vendor": "parisneo",
"versions": [
{
"status": "affected",
"version": "9.5"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4267",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T16:52:04.366348Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:55:41.376Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:33:53.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.com/bounties/5a127724-cc13-4ea6-b81f-41546a7fff81"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "parisneo/lollms-webui",
"vendor": "parisneo",
"versions": [
{
"lessThanOrEqual": "latest",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution (RCE) vulnerability exists in the parisneo/lollms-webui, specifically within the \u0027open_file\u0027 module, version 9.5. The vulnerability arises due to improper neutralization of special elements used in a command within the \u0027open_file\u0027 function. An attacker can exploit this vulnerability by crafting a malicious file path that, when processed by the \u0027open_file\u0027 function, executes arbitrary system commands or reads sensitive file content. This issue is present in the code where subprocess.Popen is used unsafely to open files based on user-supplied paths without adequate validation, leading to potential command injection."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-22T19:29:56.867Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/5a127724-cc13-4ea6-b81f-41546a7fff81"
}
],
"source": {
"advisory": "5a127724-cc13-4ea6-b81f-41546a7fff81",
"discovery": "EXTERNAL"
},
"title": "Remote Code Execution in parisneo/lollms-webui"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-4267",
"datePublished": "2024-05-22T19:29:56.867Z",
"dateReserved": "2024-04-26T18:16:36.135Z",
"dateUpdated": "2024-08-01T20:33:53.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1646 (GCVE-0-2024-1646)
Vulnerability from cvelistv5
Published
2024-04-16 00:00
Modified
2024-08-01 18:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Summary
parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized access to endpoints such as '/restart_program', '/update_software', '/check_update', '/start_recording', and '/stop_recording'. This vulnerability can lead to denial of service, unauthorized disabling or overriding of recordings, and potentially other impacts if certain features are enabled in the configuration.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| parisneo | parisneo/lollms-webui |
Version: unspecified < 9.3 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:parisneo:lollms-webui:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lollms-webui",
"vendor": "parisneo",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1646",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-13T19:18:33.557762Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:59:30.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:48:20.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.com/bounties/2f769c46-aa85-4ab8-8b08-fe791313b7ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/parisneo/lollms-webui/commit/02e829b5653a1aa5dbbe9413ec84f96caa1274e8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "parisneo/lollms-webui",
"vendor": "parisneo",
"versions": [
{
"lessThan": "9.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not \u00270.0.0.0\u0027 to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized access to endpoints such as \u0027/restart_program\u0027, \u0027/update_software\u0027, \u0027/check_update\u0027, \u0027/start_recording\u0027, and \u0027/stop_recording\u0027. This vulnerability can lead to denial of service, unauthorized disabling or overriding of recordings, and potentially other impacts if certain features are enabled in the configuration."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-16T11:10:34.706Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/2f769c46-aa85-4ab8-8b08-fe791313b7ba"
},
{
"url": "https://github.com/parisneo/lollms-webui/commit/02e829b5653a1aa5dbbe9413ec84f96caa1274e8"
}
],
"source": {
"advisory": "2f769c46-aa85-4ab8-8b08-fe791313b7ba",
"discovery": "EXTERNAL"
},
"title": "Authentication Bypass in parisneo/lollms-webui"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-1646",
"datePublished": "2024-04-16T00:00:14.201Z",
"dateReserved": "2024-02-19T21:27:04.120Z",
"dateUpdated": "2024-08-01T18:48:20.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6971 (GCVE-0-2024-6971)
Vulnerability from cvelistv5
Published
2024-10-11 12:14
Modified
2024-10-11 14:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the `lollms_file_system.py` file. The functions `add_rag_database`, `toggle_mount_rag_database`, and `vectorize_folder` do not implement security measures such as `sanitize_path_from_endpoint` or `sanitize_path`. This allows an attacker to perform vectorize operations on `.sqlite` files in any directory on the victim's computer, potentially installing multiple packages and causing a crash.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| parisneo | parisneo/lollms |
Version: unspecified < |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:parisneo:lollms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lollms",
"vendor": "parisneo",
"versions": [
{
"lessThanOrEqual": "9.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6971",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T14:31:13.715468Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T14:34:23.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "parisneo/lollms",
"vendor": "parisneo",
"versions": [
{
"lessThanOrEqual": "latest",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the `lollms_file_system.py` file. The functions `add_rag_database`, `toggle_mount_rag_database`, and `vectorize_folder` do not implement security measures such as `sanitize_path_from_endpoint` or `sanitize_path`. This allows an attacker to perform vectorize operations on `.sqlite` files in any directory on the victim\u0027s computer, potentially installing multiple packages and causing a crash."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T12:14:13.156Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/fbfe7cd0-99fb-4305-bd07-8b573364109e"
}
],
"source": {
"advisory": "fbfe7cd0-99fb-4305-bd07-8b573364109e",
"discovery": "EXTERNAL"
},
"title": "Path Traversal in parisneo/lollms-webui"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-6971",
"datePublished": "2024-10-11T12:14:13.156Z",
"dateReserved": "2024-07-21T22:56:32.861Z",
"dateUpdated": "2024-10-11T14:34:23.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4841 (GCVE-0-2024-4841)
Vulnerability from cvelistv5
Published
2024-06-23 14:33
Modified
2024-08-01 20:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-29 - Path Traversal: '\..\filename'
Summary
A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerability, an attacker can predict the folders, subfolders, and files present on the victim's computer. The vulnerability is present in the way the application handles the 'path' parameter in HTTP requests to the '/add_reference_to_local_model' endpoint.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| parisneo | parisneo/lollms-webui |
Version: unspecified < |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:parisneo:lollms-webui:9.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lollms-webui",
"vendor": "parisneo",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "9.6",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4841",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T18:00:17.422827Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T18:08:12.884Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:55:10.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.com/bounties/740dda3e-7104-4ccf-9ac4-8870e4d6d602"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "parisneo/lollms-webui",
"vendor": "parisneo",
"versions": [
{
"lessThanOrEqual": "latest",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the \u0027add_reference_to_local_mode\u0027 function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerability, an attacker can predict the folders, subfolders, and files present on the victim\u0027s computer. The vulnerability is present in the way the application handles the \u0027path\u0027 parameter in HTTP requests to the \u0027/add_reference_to_local_model\u0027 endpoint."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-29",
"description": "CWE-29 Path Traversal: \u0027\\..\\filename\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-23T14:33:33.798Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/740dda3e-7104-4ccf-9ac4-8870e4d6d602"
}
],
"source": {
"advisory": "740dda3e-7104-4ccf-9ac4-8870e4d6d602",
"discovery": "EXTERNAL"
},
"title": "Path Traversal in parisneo/lollms-webui"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-4841",
"datePublished": "2024-06-23T14:33:33.798Z",
"dateReserved": "2024-05-13T16:43:36.597Z",
"dateUpdated": "2024-08-01T20:55:10.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1522 (GCVE-0-2024-1522)
Vulnerability from cvelistv5
Published
2024-03-30 18:02
Modified
2024-08-01 18:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the `/execute_code` API endpoint, which does not properly validate requests, enabling an attacker to craft a malicious webpage that, when visited by a victim, submits a form to the victim's local lollms-webui instance to execute arbitrary OS commands. This issue allows attackers to take full control of the victim's system without requiring direct network access to the vulnerable application.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| parisneo | parisneo/lollms-webui |
Version: unspecified < 9.2 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:parisneo:lollms-webui:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lollms-webui",
"vendor": "parisneo",
"versions": [
{
"lessThan": "9,.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1522",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-01T20:33:48.431201Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-01T20:34:39.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:40:21.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.com/bounties/687cef92-3432-4d6c-af92-868eccabbb71"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/parisneo/lollms-webui/commit/0b51063119cfb5e391925d232a4af1de9dc32e2b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "parisneo/lollms-webui",
"vendor": "parisneo",
"versions": [
{
"lessThan": "9.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim\u0027s system. The vulnerability stems from the `/execute_code` API endpoint, which does not properly validate requests, enabling an attacker to craft a malicious webpage that, when visited by a victim, submits a form to the victim\u0027s local lollms-webui instance to execute arbitrary OS commands. This issue allows attackers to take full control of the victim\u0027s system without requiring direct network access to the vulnerable application."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-16T11:10:26.224Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/687cef92-3432-4d6c-af92-868eccabbb71"
},
{
"url": "https://github.com/parisneo/lollms-webui/commit/0b51063119cfb5e391925d232a4af1de9dc32e2b"
}
],
"source": {
"advisory": "687cef92-3432-4d6c-af92-868eccabbb71",
"discovery": "EXTERNAL"
},
"title": "Cross-Site Request Forgery (CSRF) Leading to Remote Code Execution in parisneo/lollms-webui"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-1522",
"datePublished": "2024-03-30T18:02:59.260Z",
"dateReserved": "2024-02-14T23:31:53.478Z",
"dateUpdated": "2024-08-01T18:40:21.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2024-04-16 00:15
Modified
2025-08-15 20:33
Severity ?
Summary
parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized access to endpoints such as '/restart_program', '/update_software', '/check_update', '/start_recording', and '/stop_recording'. This vulnerability can lead to denial of service, unauthorized disabling or overriding of recordings, and potentially other impacts if certain features are enabled in the configuration.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lollms | lollms-webui | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lollms:lollms-webui:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE0C2D4F-765C-4CF2-BC45-43D3F07D4AC3",
"versionEndExcluding": "9.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not \u00270.0.0.0\u0027 to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized access to endpoints such as \u0027/restart_program\u0027, \u0027/update_software\u0027, \u0027/check_update\u0027, \u0027/start_recording\u0027, and \u0027/stop_recording\u0027. This vulnerability can lead to denial of service, unauthorized disabling or overriding of recordings, and potentially other impacts if certain features are enabled in the configuration."
},
{
"lang": "es",
"value": "parisneo/lollms-webui es vulnerable a la omisi\u00f3n de autenticaci\u00f3n debido a una protecci\u00f3n insuficiente en los endpoints sensibles. La aplicaci\u00f3n verifica si el par\u00e1metro del host no es \u00270.0.0.0\u0027 para restringir el acceso, lo cual es inadecuado cuando la aplicaci\u00f3n est\u00e1 vinculada a una interfaz espec\u00edfica, lo que permite el acceso no autorizado a endpoints como \u0027/restart_program\u0027, \u0027/update_software\u0027, \u0027/ check_update\u0027, \u0027/start_recording\u0027 y \u0027/stop_recording\u0027. Esta vulnerabilidad puede provocar denegaci\u00f3n de servicio, desactivaci\u00f3n o anulaci\u00f3n no autorizada de grabaciones y potencialmente otros impactos si ciertas funciones est\u00e1n habilitadas en la configuraci\u00f3n."
}
],
"id": "CVE-2024-1646",
"lastModified": "2025-08-15T20:33:28.890",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "security@huntr.dev",
"type": "Secondary"
}
]
},
"published": "2024-04-16T00:15:09.967",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/parisneo/lollms-webui/commit/02e829b5653a1aa5dbbe9413ec84f96caa1274e8"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.com/bounties/2f769c46-aa85-4ab8-8b08-fe791313b7ba"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/parisneo/lollms-webui/commit/02e829b5653a1aa5dbbe9413ec84f96caa1274e8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.com/bounties/2f769c46-aa85-4ab8-8b08-fe791313b7ba"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-288"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-10 15:15
Modified
2025-08-15 20:39
Severity ?
Summary
A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted CSRF forms. This issue affects the installation process, including the installation of Binding zoo and Models zoo, by unexpectedly resetting programs. The vulnerability is due to the lack of CSRF protection in the affected function.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://huntr.com/bounties/c9dd6d2f-d83a-488b-9443-d4200c010851 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.com/bounties/c9dd6d2f-d83a-488b-9443-d4200c010851 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lollms | lollms-webui | 9.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lollms:lollms-webui:9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8161B4F7-AE3F-4A7D-9B47-131C1AA3EC6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted CSRF forms. This issue affects the installation process, including the installation of Binding zoo and Models zoo, by unexpectedly resetting programs. The vulnerability is due to the lack of CSRF protection in the affected function."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Cross-Site Request Forgery (CSRF) en la funci\u00f3n restart_program de parisneo/lollms-webui v9.6. Esta vulnerabilidad permite a los atacantes enga\u00f1ar a los usuarios para que realicen acciones no deseadas, como restablecer el programa sin su conocimiento, mediante el env\u00edo de formularios CSRF especialmente manipulados. Este problema afecta el proceso de instalaci\u00f3n, incluida la instalaci\u00f3n de Binding zoo y Models zoo, al restablecer programas inesperadamente. La vulnerabilidad se debe a la falta de protecci\u00f3n CSRF en la funci\u00f3n afectada."
}
],
"id": "CVE-2024-4403",
"lastModified": "2025-08-15T20:39:51.013",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 2.5,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-10T15:15:52.703",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.com/bounties/c9dd6d2f-d83a-488b-9443-d4200c010851"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.com/bounties/c9dd6d2f-d83a-488b-9443-d4200c010851"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-30 18:15
Modified
2025-08-15 20:33
Severity ?
Summary
A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the `/execute_code` API endpoint, which does not properly validate requests, enabling an attacker to craft a malicious webpage that, when visited by a victim, submits a form to the victim's local lollms-webui instance to execute arbitrary OS commands. This issue allows attackers to take full control of the victim's system without requiring direct network access to the vulnerable application.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://github.com/parisneo/lollms-webui/commit/0b51063119cfb5e391925d232a4af1de9dc32e2b | Patch | |
| security@huntr.dev | https://huntr.com/bounties/687cef92-3432-4d6c-af92-868eccabbb71 | Exploit, Third Party Advisory, Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/parisneo/lollms-webui/commit/0b51063119cfb5e391925d232a4af1de9dc32e2b | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.com/bounties/687cef92-3432-4d6c-af92-868eccabbb71 | Exploit, Third Party Advisory, Issue Tracking, Patch |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lollms | lollms_web_ui | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lollms:lollms_web_ui:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F75402D9-FC2D-41A0-A4BB-642D442AA26C",
"versionEndIncluding": "9.2",
"versionStartIncluding": "9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim\u0027s system. The vulnerability stems from the `/execute_code` API endpoint, which does not properly validate requests, enabling an attacker to craft a malicious webpage that, when visited by a victim, submits a form to the victim\u0027s local lollms-webui instance to execute arbitrary OS commands. This issue allows attackers to take full control of the victim\u0027s system without requiring direct network access to the vulnerable application."
},
{
"lang": "es",
"value": "Activ\u00e9 CORS porque ten\u00eda una interfaz de usuario de desarrollo que usa otro n\u00famero de puerto y luego olvid\u00e9 eliminarla. Entonces, lo que acabo de hacer es: - Primero elimin\u00e9 la configuraci\u00f3n de cors que permite a todos acceder a ella: antes: ```python sio = socketio.AsyncServer(async_mode=\"asgi\", cors_allowed_origins=\"*\", ping_timeout=1200, ping_interval= 30) # Habilite CORS para cada ``` despu\u00e9s de: ```python cert_file_path = lollms_paths.personal_certificates/\"cert.pem\" key_file_path = lollms_paths.personal_certificates/\"key.pem\" si os.path.exists(cert_file_path) y os .path.exists(key_file_path): is_https = True else: is_https = False # Crear un servidor Socket.IO sio = socketio.AsyncServer(async_mode=\"asgi\", cors_allowed_origins=config.allowed_origins+[f\"https://localhost:{ config[\u0027port\u0027]}\" if is_https else f\"http://localhost:{config[\u0027port\u0027]}\"], ping_timeout=1200, ping_interval=30) # Habilitar CORS para or\u00edgenes seleccionados ``` - Segundo, He actualizado lollms para que tenga dos modos (un modo sin cabeza y un modo ui). Y actualiz\u00f3 /execute_code para bloquear si el servidor no tiene cabeza o est\u00e1 expuesto ```python @router.post(\"/execute_code\") async def ejecutar_code(request: Request): \"\"\" Ejecuta el c\u00f3digo Python y devuelve la salida. : solicitud de par\u00e1metro: el objeto de solicitud HTTP. :return: una respuesta JSON con el estado de la operaci\u00f3n. \"\"\" if lollmsElfServer.config.headless_server_mode: return {\"status\":False,\"error\":\"La ejecuci\u00f3n del c\u00f3digo est\u00e1 bloqueada cuando est\u00e1 en \u00a1modo sin cabeza por razones obvias de seguridad!\"} if lollmsElfServer.config.host==\"0.0.0.0\": return {\"status\":False,\"error\":\"La ejecuci\u00f3n del c\u00f3digo se bloquea cuando el servidor est\u00e1 expuesto al exterior por razones muy obvias !\"} intente: datos = (espera solicitud.json()) c\u00f3digo = datos[\"c\u00f3digo\"] id_discusi\u00f3n = int(data.get(\"id_discusi\u00f3n\",\"discusi\u00f3n_desconocida\")) id_mensaje = int(data.get(\"id_mensaje) \",\"unknown_message\")) language = data.get(\"language\",\"python\") if language==\"python\": ASCIIColors.info(\"Ejecutando c\u00f3digo python:\") ASCIIColors.amarillo(c\u00f3digo) return ejecutar_python(c\u00f3digo) , id_discusi\u00f3n, id_mensaje) if idioma==\"javascript\": ASCIIColors.info(\"Ejecutando c\u00f3digo javascript:\") ASCIIColors.amarillo(c\u00f3digo) devuelve ejecutar_javascript(c\u00f3digo, id_discusi\u00f3n, id_mensaje) si el idioma est\u00e1 en [\"html\",\"html5\" ,\"svg\"]: ASCIIColors.info(\"Ejecutando c\u00f3digo javascript:\") ASCIIColors.amarillo(c\u00f3digo) return ejecutar_html(c\u00f3digo, id_discusi\u00f3n, id_mensaje) elif language==\"latex\": ASCIIColors.info(\"Ejecutando c\u00f3digo latex:\" ) ASCIIColors.amarillo(c\u00f3digo) devuelve ejecutar_latex(c\u00f3digo, id_discusi\u00f3n, id_mensaje) lenguaje elif en [\"bash\",\"shell\",\"cmd\",\"powershell\"]: ASCIIColors.info(\"Ejecutando c\u00f3digo de shell:\") ASCIIColors. amarillo(c\u00f3digo) devuelve ejecutar_bash(c\u00f3digo, id_discusi\u00f3n, id_mensaje) idioma elif en [\"sirena\"]: ASCIIColors.info(\"Ejecutando c\u00f3digo de sirena:\") ASCIIColors.amarillo(c\u00f3digo) devuelve ejecutar_mermaid(c\u00f3digo, id_discusi\u00f3n, id_mensaje) idioma elif en [\"graphviz\",\"punto\"]: ASCIIColors.info(\"Ejecutando c\u00f3digo Graphviz:\") ASCIIColors.amarillo(c\u00f3digo) return ejecutar_graphviz(c\u00f3digo, id_discusi\u00f3n, id_mensaje) return {\"status\": False, \"error\": \" Idioma no admitido\", \"execution_time\": 0} excepto excepci\u00f3n como por ejemplo: trace_exception(ex) lollmsElfServer.error(ex) return {\"status\":False,\"error\":str(ex)} ``` Tambi\u00e9n agregu\u00e9 un opcional modo https y esperamos agregar una autenticaci\u00f3n completa con cookies y una sesi\u00f3n personal, etc. Todas las actualizaciones estar\u00e1n en la versi\u00f3n 9.1 nuevamente, muchas gracias por su trabajo. Lo har\u00e9 m\u00e1s dif\u00edcil la pr\u00f3xima vez, pero si encuentras m\u00e1s errores, s\u00e9 mi invitado :)"
}
],
"id": "CVE-2024-1522",
"lastModified": "2025-08-15T20:33:48.423",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security@huntr.dev",
"type": "Secondary"
}
]
},
"published": "2024-03-30T18:15:45.930",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch"
],
"url": "https://github.com/parisneo/lollms-webui/commit/0b51063119cfb5e391925d232a4af1de9dc32e2b"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory",
"Issue Tracking",
"Patch"
],
"url": "https://huntr.com/bounties/687cef92-3432-4d6c-af92-868eccabbb71"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/parisneo/lollms-webui/commit/0b51063119cfb5e391925d232a4af1de9dc32e2b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"Issue Tracking",
"Patch"
],
"url": "https://huntr.com/bounties/687cef92-3432-4d6c-af92-868eccabbb71"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-23 15:15
Modified
2025-07-07 17:23
Severity ?
Summary
A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerability, an attacker can predict the folders, subfolders, and files present on the victim's computer. The vulnerability is present in the way the application handles the 'path' parameter in HTTP requests to the '/add_reference_to_local_model' endpoint.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://huntr.com/bounties/740dda3e-7104-4ccf-9ac4-8870e4d6d602 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.com/bounties/740dda3e-7104-4ccf-9ac4-8870e4d6d602 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| parisneo | lollms-webui | 9.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:parisneo:lollms-webui:9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8A3CF797-E28D-4E5D-B025-383EED5EF2EB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the \u0027add_reference_to_local_mode\u0027 function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerability, an attacker can predict the folders, subfolders, and files present on the victim\u0027s computer. The vulnerability is present in the way the application handles the \u0027path\u0027 parameter in HTTP requests to the \u0027/add_reference_to_local_model\u0027 endpoint."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Path Traversal en parisneo/lollms-webui, espec\u00edficamente dentro de la funci\u00f3n \u0027add_reference_to_local_mode\u0027 debido a la falta de sanitizaci\u00f3n de entrada. Esta vulnerabilidad afecta a las versiones v9.6 hasta la \u00faltima. Al explotar esta vulnerabilidad, un atacante puede predecir las carpetas, subcarpetas y archivos presentes en la computadora de la v\u00edctima. La vulnerabilidad est\u00e1 presente en la forma en que la aplicaci\u00f3n maneja el par\u00e1metro \u0027ruta\u0027 en las solicitudes HTTP al endpoint \u0027/add_reference_to_local_model\u0027."
}
],
"id": "CVE-2024-4841",
"lastModified": "2025-07-07T17:23:31.907",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-23T15:15:09.233",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.com/bounties/740dda3e-7104-4ccf-9ac4-8870e4d6d602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.com/bounties/740dda3e-7104-4ccf-9ac4-8870e4d6d602"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Undergoing Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-29"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-11 13:15
Modified
2025-08-15 20:38
Severity ?
Summary
A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the `lollms_file_system.py` file. The functions `add_rag_database`, `toggle_mount_rag_database`, and `vectorize_folder` do not implement security measures such as `sanitize_path_from_endpoint` or `sanitize_path`. This allows an attacker to perform vectorize operations on `.sqlite` files in any directory on the victim's computer, potentially installing multiple packages and causing a crash.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://huntr.com/bounties/fbfe7cd0-99fb-4305-bd07-8b573364109e | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lollms | lollms-webui | 9.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lollms:lollms-webui:9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "83BFAFEC-7D97-458F-931A-92DC832DE473",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the `lollms_file_system.py` file. The functions `add_rag_database`, `toggle_mount_rag_database`, and `vectorize_folder` do not implement security measures such as `sanitize_path_from_endpoint` or `sanitize_path`. This allows an attacker to perform vectorize operations on `.sqlite` files in any directory on the victim\u0027s computer, potentially installing multiple packages and causing a crash."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de path traversal en el repositorio parisneo/lollms-webui, espec\u00edficamente en el archivo `lollms_file_system.py`. Las funciones `add_rag_database`, `toggle_mount_rag_database` y `vectorize_folder` no implementan medidas de seguridad como `sanitize_path_from_endpoint` o `sanitize_path`. Esto permite que un atacante realice operaciones de vectorizaci\u00f3n en archivos `.sqlite` en cualquier directorio de la computadora de la v\u00edctima, lo que podr\u00eda instalar varios paquetes y provocar un bloqueo."
}
],
"id": "CVE-2024-6971",
"lastModified": "2025-08-15T20:38:03.347",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 2.5,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-11T13:15:16.537",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.com/bounties/fbfe7cd0-99fb-4305-bd07-8b573364109e"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-22 20:15
Modified
2025-08-15 20:40
Severity ?
Summary
A remote code execution (RCE) vulnerability exists in the parisneo/lollms-webui, specifically within the 'open_file' module, version 9.5. The vulnerability arises due to improper neutralization of special elements used in a command within the 'open_file' function. An attacker can exploit this vulnerability by crafting a malicious file path that, when processed by the 'open_file' function, executes arbitrary system commands or reads sensitive file content. This issue is present in the code where subprocess.Popen is used unsafely to open files based on user-supplied paths without adequate validation, leading to potential command injection.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://huntr.com/bounties/5a127724-cc13-4ea6-b81f-41546a7fff81 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.com/bounties/5a127724-cc13-4ea6-b81f-41546a7fff81 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| lollms | lollms-webui | 9.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lollms:lollms-webui:9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C159E9-1B43-4884-BE0E-54FF70535330",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution (RCE) vulnerability exists in the parisneo/lollms-webui, specifically within the \u0027open_file\u0027 module, version 9.5. The vulnerability arises due to improper neutralization of special elements used in a command within the \u0027open_file\u0027 function. An attacker can exploit this vulnerability by crafting a malicious file path that, when processed by the \u0027open_file\u0027 function, executes arbitrary system commands or reads sensitive file content. This issue is present in the code where subprocess.Popen is used unsafely to open files based on user-supplied paths without adequate validation, leading to potential command injection."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) en parisneo/lollms-webui, espec\u00edficamente dentro del m\u00f3dulo \u0027open_file\u0027, versi\u00f3n 9.5. La vulnerabilidad surge debido a una neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando dentro de la funci\u00f3n \u0027open_file\u0027. Un atacante puede aprovechar esta vulnerabilidad creando una ruta de archivo maliciosa que, cuando se procesa mediante la funci\u00f3n \u0027open_file\u0027, ejecuta comandos arbitrarios del sistema o lee contenido de archivo confidencial. Este problema est\u00e1 presente en el c\u00f3digo donde subprocess.Popen se usa de manera insegura para abrir archivos basados en rutas proporcionadas por el usuario sin una validaci\u00f3n adecuada, lo que lleva a una posible inyecci\u00f3n de comandos."
}
],
"id": "CVE-2024-4267",
"lastModified": "2025-08-15T20:40:20.873",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-22T20:15:09.700",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.com/bounties/5a127724-cc13-4ea6-b81f-41546a7fff81"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.com/bounties/5a127724-cc13-4ea6-b81f-41546a7fff81"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
}
]
}