CVE-2024-4320
- EPSS 62.29%
- Published 06.06.2024 19:16:02
- Last modified 21.11.2024 09:42:37
A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the parisneo/lollms-webui application, specifically within the `@router.post("/install_extension")` route handler. The vulnerability arises due to improper han...
CVE-2024-3322
- EPSS 0.79%
- Published 06.06.2024 19:16:01
- Last modified 21.11.2024 09:29:23
A path traversal vulnerability exists in the 'cyber_security/codeguard' native personality of the parisneo/lollms-webui, affecting versions up to 9.5. The vulnerability arises from the improper limitation of a pathname to a restricted directory in th...
CVE-2024-2624
- EPSS 9.56%
- Published 06.06.2024 19:15:55
- Last modified 21.11.2024 09:10:09
A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the `@router.get("/switch_personal_path")` endpoint in `./lollms-webui/lollms_core/lollms/server/endpoints/lollms_user.py`. ...
CVE-2024-2548
- EPSS 0.46%
- Published 06.06.2024 19:15:55
- Last modified 21.11.2024 09:09:59
A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `lollms_core/lollms/server/endpoints/lollms_binding_files_server.py` and `lollms_core/lollms/security.py` files. Due to inadequate validation of f...
CVE-2024-2362
- EPSS 1.91%
- Published 06.06.2024 19:15:54
- Last modified 13.02.2025 16:09:46
A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation of file paths between Windows and Linux environments, an attacker can exploit this vulnerability to delete any file on ...
CVE-2024-2360
- EPSS 9.71%
- Published 06.06.2024 19:15:54
- Last modified 21.11.2024 09:09:35
parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code execution due to insufficient sanitization of user-supplied input in the 'Database path' and 'PDF LaTeX path' settings. An attacker can exploit this vulnerabil...
CVE-2024-2359
- EPSS 0.27%
- Published 06.06.2024 19:15:54
- Last modified 21.11.2024 09:09:35
A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary code. The issue arises from the application's handling of the `/execute_code` endpoint, which is intended to be blo...
CVE-2024-2288
- EPSS 0.27%
- Published 06.06.2024 19:15:54
- Last modified 21.11.2024 09:09:26
A Cross-Site Request Forgery (CSRF) vulnerability exists in the profile picture upload functionality of the Lollms application, specifically in the parisneo/lollms-webui repository, affecting versions up to 7.3.0. This vulnerability allows attackers ...
CVE-2024-1873
- EPSS 2.42%
- Published 06.06.2024 19:15:51
- Last modified 15.10.2025 13:15:41
parisneo/lollms-webui is vulnerable to path traversal and denial of service attacks due to an exposed `/select_database` endpoint in version a9d16b0. The endpoint improperly handles file paths, allowing attackers to specify absolute paths when intera...
CVE-2024-5482
- EPSS 0.34%
- Published 06.06.2024 18:15:21
- Last modified 21.11.2024 09:47:46
A Server-Side Request Forgery (SSRF) vulnerability exists in the 'add_webpage' endpoint of the parisneo/lollms-webui application, affecting the latest version. The vulnerability arises because the application does not adequately validate URLs entered...