📦 Lollms Web Ui
by Lollms
🛡️ Security Overview
⚠️ Known Vulnerabilities
A path traversal vulnerability in parisneo/lollms-webui version V12 allows attackers to create or delete arbitrary directories on the system by exploiting insufficient input sanitization in the instal...
This vulnerability in parisneo/lollms-webui allows attackers to delete any file or directory on the system through path traversal in the upload_app function. It affects users running version V12 (Stra...
CVE-2024-4320 is a critical remote code execution vulnerability in the parisneo/lollms-webui application. Attackers can exploit the '/install_extension' endpoint by manipulating the 'name' parame...
This path traversal vulnerability in the lollms-webui's codeguard personality allows attackers to read and overwrite arbitrary files on the system by manipulating the 'code_folder_path' parameter. Att...
This vulnerability allows attackers to perform path traversal and arbitrary file uploads in the lollms-webui application by manipulating the 'path' parameter. Attackers can read sensitive personal dat...
This vulnerability in parisneo/lollms-webui version 9.3 allows attackers to bypass access restrictions and execute arbitrary code remotely. Attackers exploit the unprotected `/update_setting` endpoint...
A path traversal vulnerability in parisneo/lollms-webui version 9.3 on Windows allows attackers to delete any file on the system by exploiting improper path validation in the 'del_preset' endpoint. Th...
The CVE-2024-1873 vulnerability in parisneo/lollms-webui allows attackers to perform path traversal attacks through an exposed /select_database endpoint. This enables directory creation anywhere on th...
This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of parisneo/lollms-webui. Attackers can bypass security controls by manipulating settings to...
This CVE describes a remote code execution vulnerability in the parisneo/lollms-webui application. Attackers can exploit insufficient path sanitization in the reinstall_binding functionality to upload...
A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code by exploiting insufficient input sanitization in the 'extensions' p...
This CVE describes a Local File Inclusion vulnerability in the parisneo/lollms-webui application that allows attackers to read arbitrary files on the server filesystem. Attackers can exploit this by s...
This CVE describes a critical OS command injection vulnerability in the lollms-webui application's '/open_code_folder' endpoint. Attackers can execute arbitrary commands on the underlying operating sy...
This vulnerability in parisneo/lollms-webui allows attackers to cause denial of service by sending specially crafted file upload requests with excessively long multipart boundaries. The server fails t...
This vulnerability allows unauthenticated attackers to delete directories via the uninstall API endpoint in parisneo/lollms-webui. Attackers can exploit missing authentication checks to perform unauth...
This vulnerability allows attackers to upload malicious files with dangerous extensions (.py, .sh, .bat, etc.) and execute them via the '/open_file' API endpoint, leading to remote code execution. It ...
This SSRF vulnerability in parisneo/lollms-webui allows attackers to make the server send unauthorized HTTP requests to internal or external systems, potentially accessing sensitive resources. It affe...
A CORS misconfiguration in lollms-webui allows attackers to steal sensitive information like logs, browser sessions, and settings containing private API keys from other services. This vulnerability ca...
This vulnerability in parisneo/lollms-webui version 9.8 allows attackers to cause a Denial of Service (DoS) by uploading specially crafted audio files with manipulated multipart boundaries. The lack o...
A Local File Inclusion vulnerability in parisneo/lollms-webui allows attackers to read arbitrary files on the server through path traversal. This affects all users running versions below v9.8, potenti...
This vulnerability in parisneo/lollms-webui allows attackers to perform Cross-Site Request Forgery (CSRF) attacks against binding management endpoints. Attackers can trick authenticated users into exe...
This vulnerability allows remote attackers to execute arbitrary code on systems running lollms-webui by uploading malicious model files through the binding_zoo feature. The vulnerability stems from an...
An absolute path traversal vulnerability in parisneo/lollms-webui v9.6 allows attackers to read arbitrary files and list directories on Windows systems. This affects users running the vulnerable versi...
This CVE describes a Path Traversal and Remote File Inclusion vulnerability in the parisneo/lollms-webui application that allows attackers to manipulate file paths and include arbitrary files. Success...
A path traversal vulnerability in parisneo/lollms-webui allows attackers to read arbitrary files on Windows systems by exploiting inadequate path validation. This affects users running the latest vers...
A CSRF vulnerability in Lollms WebUI versions up to 7.3.0 allows attackers to change victims' profile pictures without consent. This can lead to denial of service through filesystem overload or enable...
This path traversal vulnerability in parisneo/lollms-webui allows attackers to read arbitrary files by manipulating parameters in the 'copy_to_custom_personas' endpoint. Attackers can use '../' sequen...
A path traversal vulnerability in the parisneo/lollms-webui application allows attackers to manipulate configuration settings via specially crafted JSON payloads to the 'save_settings' endpoint. This ...
This CVE describes a command injection vulnerability in the parisneo/lollms-webui application that allows remote attackers to execute arbitrary commands on the host system. The vulnerability affects a...
A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary OS commands on a victim's system. Attackers can craft malicious webp...
This CSRF vulnerability in lollms-webui allows attackers to cause denial of service by exploiting file upload endpoints. Attackers can append extra characters to multipart boundaries, forcing the serv...
A stored Cross-site Scripting (XSS) vulnerability in parisneo/lollms-webui allows attackers to inject malicious JavaScript into the System Template configuration. When administrators view the Settings...
This vulnerability allows attackers to list arbitrary directories on Windows systems running vulnerable versions of lollms-webui. By sending a specially crafted HTTP request to the /open_file endpoint...
This Cross-site Scripting (XSS) vulnerability in parisneo/lollms-webui allows attackers to inject malicious JavaScript via chat messages, which executes in victims' browsers when they view those messa...