CVE-2024-2359
published 2024-06-06CVE-2024-2359: A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary code. The issue arises…
PriorityP267critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.22%
64.9th percentile
A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary code. The issue arises from the application's handling of the `/execute_code` endpoint, which is intended to be blocked from external access by default. However, attackers can exploit the `/update_setting` endpoint, which lacks proper access control, to modify the `host` configuration at runtime. By changing the `host` setting to an attacker-controlled value, the restriction on the `/execute_code` endpoint can be bypassed, leading to remote code execution. This vulnerability is due to improper neutralization of special elements used in an OS command (`Improper Neutralization of Special Elements used in an OS Command`).
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lollms | lollms_web_ui | — | — |
| parisneo | parisneo_lollms-webui | unspecified – latest | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor for unexpected POST/GET requests to the `/update_setting` endpoint from external/untrusted sources, especially those modifying the `host` parameter — this is the initial step of the exploit chain. ↗
- →Detect runtime changes to the `host` configuration value via the `/update_setting` endpoint, particularly to values not matching expected localhost/internal addresses. ↗
- ·The vulnerability affects parisneo/lollms-webui version 9.3 specifically; the `/execute_code` endpoint restriction is a runtime configuration that can be altered via `/update_setting` without authentication controls. ↗
- ·The `/execute_code` endpoint block is enforced based on the `host` configuration value; since `/update_setting` lacks access control, this protection can be defeated at runtime without restarting the application. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
arXiv
Red-MIRROR: Agentic LLM-based Autonomous Penetration Testing with Reflective Verification and Knowledge-augmented Interaction
arxiv_fulltext·2026-03
Red-MIRROR: Agentic LLM-based Autonomous Penetration Testing with Reflective Verification and Knowledge-augmented Interaction
1
.001
Red-MIRROR: Agentic LLM-based Autonomous Penetration Testing with Reflective Verification and Knowledge-augmented Interaction
[1]organization=Information Security Lab, University of Information Technology,
city=Ho Chi Minh City,
country=Vietnam
[2]organization=Vietnam National University,
city=Ho Chi Minh City,
country=Vietnam
[1,2]Tran Vy Khang
[email protected]
[1,2]Nguyen Dang Nguyen Khang
[email protected]
[1,2]Nghi Hoang Khoa
[email protected]
[1,2]Do Thi Thu Hien
[email protected]
[1,2]Van-Hau Pham
[email protected]
[1,2]Phan The Duycor1
[email protected]
[cor1]Corresponding author
## Abstract
Web applications remain the dominant attack surface in cybersecurity, where vulnerabilities such as SQL injection, XSS, and business logic flaws continue to cause sign
arXiv
AXE: An Agentic eXploit Engine for Confirming Zero-Day Vulnerability Reports
arxiv_fulltext·2026-02-15
AXE: An Agentic eXploit Engine for Confirming Zero-Day Vulnerability Reports
AXE: An Agentic eXploit Engine for Confirming Zero-Day Vulnerability Reports
Amirali [email protected]
Drexel University, Philadelphia, PA
Tu [email protected]
Drexel University, Philadelphia, PA
Kostadin [email protected]
Virginia Commonwealth University, Richmond, VA
Preetha [email protected]
Drexel University, Philadelphia, PA
## Abstract
Vulnerability detection tools are widely adopted in software projects, yet they often overwhelm maintainers with false positives and non-actionable reports. Automated exploitation systems can help validate these reports; however, existing approaches typically operate in isolation from detection pipelines, failing to leverage readily available metadata such as vulnerability type and source-code
2024-06-06
Published