Lollms Web Ui vulnerabilities

40 known vulnerabilities affecting lollms/lollms_web_ui.

Total CVEs: 40
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 13, HIGH 18, MEDIUM 8, LOW 1

Vulnerabilities

Page 2 of 2

CVE | Severity | CVSS | Version (affected, or fixed in) | Date
CVE-2024-2359 | CRITICAL | CVSS 9.8 | v9.3 | 2024-06-06
CWE-78. A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary code. The issue arises from the application's handling of the `/execute_code` endpoint, which is intended to be blocked from external access by default. However, attackers can exploit the `/update_setting` endpoint, wh […]
Source: nvd
CVE-2024-2624 | CRITICAL | CVSS 9.8 | fixed in 9.4 | 2024-06-06
CWE-29. A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the `@router.get("/switch_personal_path")` endpoint in `./lollms-webui/lollms_core/lollms/server/endpoints/lollms_user.py`. The vulnerability arises due to insufficient sanitization of user-supplied input for the `path` parame […]
Source: nvd
CVE-2024-2362 | CRITICAL | CVSS 9.1 | v9.3 | 2024-06-06
CWE-36. A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation of file paths between Windows and Linux environments, an attacker can exploit this vulnerability to delete any file on the system. The issue arises from the lack of adequate sanitization of user-supplied input in the 'del […]
Source: nvd
CVE-2024-2288 | HIGH | CVSS 8.3 | fixed in 9.3 | 2024-06-06
CWE-352. A Cross-Site Request Forgery (CSRF) vulnerability exists in the profile picture upload functionality of the Lollms application, specifically in the parisneo/lollms-webui repository, affecting versions up to 7.3.0. This vulnerability allows attackers to change a victim's profile picture without their consent, potentially leading to a denial of service by […]
Source: nvd
CVE-2024-2548 | HIGH | CVSS 7.5 | fixed in 9.5 | 2024-06-06
CWE-36. A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `lollms_core/lollms/server/endpoints/lollms_binding_files_server.py` and `lollms_core/lollms/security.py` files. Due to inadequate validation of file paths between Windows and Linux environments using `Path(path).is_absolute()`, attackers can exploit th […]
Source: nvd
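CVE-2024-2362 and CVE-2024-2548 above share one root cause: a containment check written as `Path(path).is_absolute()`, whose answer depends on the host OS (a Windows drive path is "relative" to `PosixPath`, and a backslash is a plain filename character there), while `..` components are never examined. The following example is added for this page and is not lollms-webui code; it models the flawed check with `PurePosixPath` so the result is the same on any OS, and pairs it with a `safe_join` that rejects both path flavours and verifies containment after resolution. The base directory `/srv/app/personalities` and the sample inputs are constructed for illustration.

```python
from pathlib import Path, PurePosixPath, PureWindowsPath

# Constructed base directory for the example; stands in for whatever
# directory the endpoint is supposed to stay inside.
BASE = Path("/srv/app/personalities")


def weak_is_safe(user_path: str) -> bool:
    """The flawed pattern: reject only what Path(...).is_absolute() flags.

    On a Linux host Path is PosixPath: 'C:\\Windows\\win.ini' is "relative",
    backslashes are ordinary filename characters and '..' is never checked.
    Modelled with PurePosixPath so the verdict does not depend on the OS
    running this example.
    """
    return not PurePosixPath(user_path).is_absolute()


def safe_join(user_path: str, base: Path = BASE) -> Path:
    """Hardened join: reject anything that could escape base on either OS."""
    if not user_path or "\x00" in user_path:
        raise ValueError("empty path or NUL byte")
    # Backslash is a separator on Windows but a filename character on POSIX,
    # so the same input would be harmless on one OS and a traversal on the other.
    if "\\" in user_path:
        raise ValueError("backslash not allowed")
    # Reject absolute paths under both flavours, plus drive-relative forms
    # such as 'C:foo' that Windows would join onto another drive.
    if PurePosixPath(user_path).is_absolute() or PureWindowsPath(user_path).is_absolute():
        raise ValueError("absolute path not allowed")
    if PureWindowsPath(user_path).drive:
        raise ValueError("drive letter not allowed")
    # Reject '..' components outright instead of trusting normalisation.
    if ".." in PurePosixPath(user_path).parts:
        raise ValueError("parent traversal not allowed")
    # Containment check on the resolved path; resolve() follows symlinks, so a
    # link inside base that points outside is rejected as well.
    base_resolved = base.resolve()
    candidate = (base_resolved / user_path).resolve()
    try:
        candidate.relative_to(base_resolved)
    except ValueError as exc:
        raise ValueError("path escapes base directory") from exc
    return candidate


def strict_is_safe(user_path: str, base: Path = BASE) -> bool:
    """Boolean wrapper around safe_join for side-by-side comparison."""
    try:
        safe_join(user_path, base)
        return True
    except ValueError:
        return False


# Constructed samples: the first two are benign, the rest are traversal attempts.
SAMPLES = [
    "python_builder/config.yaml",
    "./english/generic/config.yaml",
    "../../../../etc/passwd",
    "..\\..\\..\\Windows\\win.ini",
    "C:\\Windows\\win.ini",
    "C:sensitive.txt",
    "/etc/passwd",
    "english/../../../etc/shadow",
]


def compare(samples=SAMPLES) -> dict:
    """Map each sample to (weak verdict, strict verdict)."""
    return {s: (weak_is_safe(s), strict_is_safe(s)) for s in samples}


if __name__ == "__main__":
    for path, (weak, strict) in compare().items():
        print(f"{path!r:36} weak={weak!s:5} strict={strict}")
```

Run it and the weak check accepts every sample except the one POSIX-absolute path, while `safe_join` accepts only the two benign names. The order of checks matters: the backslash and drive-letter tests run before any joining so that a Windows-style payload never reaches `resolve()` on a host where it would be normalised differently.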
CVE-2024-2178 | HIGH | CVSS 7.5 | fixed in 9.4 | 2024-06-02
CWE-29. A path traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'copy_to_custom_personas' endpoint in the 'lollms_personalities_infos.py' file. This vulnerability allows attackers to read arbitrary files by manipulating the 'category' and 'name' parameters during the 'Copy to custom personas folder for editing' process. By ins […]
Source: nvd
CVE-2024-4330 | LOW | CVSS 3.3 | ≥ 9.6, < 9.8 | 2024-05-30
CWE-23. A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'list_personalities' endpoint. By crafting a malicious HTTP request, an attacker can traverse the directory structure and view the contents of any folder, alb […]
Source: nvd
CVE-2024-2358 | CRITICAL | CVSS 9.8 | fixed in 9.5 | 2024-05-16
CWE-29. A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code. The vulnerability arises due to insufficient sanitization of user-supplied input in the configuration settings, specifically within the 'extensions' parameter. Attackers can exploit this by crafting a payload that incl […]
Source: nvd
CVE-2024-2366 | CRITICAL | CVSS 9.0 | fixed in 9.5 | 2024-05-16
CWE-77. A remote code execution vulnerability exists in the parisneo/lollms-webui application, specifically within the reinstall_binding functionality in lollms_core/lollms/server/endpoints/lollms_binding_infos.py of the latest version. The vulnerability arises due to insufficient path sanitization, allowing an attacker to exploit path traversal to navigate t […]
Source: nvd
CVE-2024-2361 | CRITICAL | CVSS 9.6 | fixed in 9.5 | 2024-05-16
CWE-29. A vulnerability in the parisneo/lollms-webui allows for arbitrary file upload and read due to insufficient sanitization of user-supplied input. Specifically, the issue resides in the `install_model()` function within `lollms_core/lollms/binding.py`, where the application fails to properly sanitize the `file://` protocol and other inputs, leading to a […]
Source: nvd
CVE-2024-4326 | CRITICAL | CVSS 9.8 | fixed in 9.5 | 2024-05-16
CWE-15. A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. The vulnerability stems from insufficient protection of the `/apply_settings` and `/execute_code` endpoints. Attackers can bypass protections by setting the host to localhost, enabling code execution, and disabling code validation through th […]
Source: nvd
CVE-2024-3126 | HIGH | CVSS 8.4 | fixed in 9.5 | 2024-05-16
CWE-78. A command injection vulnerability exists in the 'run_xtts_api_server' function of the parisneo/lollms-webui application, specifically within the 'lollms_xtts.py' script. The vulnerability arises due to the improper neutralization of special elements used in an OS command. The affected function utilizes 'subprocess.Popen' to execute a command constructed […]
Source: nvd
CVE-2024-4322 | HIGH | CVSS 7.5 | fixed in 9.8 | 2024-05-16
CWE-29. A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `/list_personalities` endpoint. By manipulating the `category` parameter, an attacker can traverse the directory structure and list any directory on the system. This issue affects the latest version of the application. The vulnerability is due to improp […]
Source: nvd
CVE-2024-3435 | HIGH | CVSS 8.4 | fixed in 9.5 | 2024-05-16
CWE-29. A path traversal vulnerability exists in the 'save_settings' endpoint of the parisneo/lollms-webui application, affecting versions up to the latest release before 9.5. The vulnerability arises due to insufficient sanitization of the 'config' parameter in the 'apply_settings' function, allowing an attacker to manipulate the application's configuration by […]
Source: nvd
CVE-2024-2299 | MEDIUM | CVSS 6.1 | fixed in 9.5 | 2024-05-14
CWE-79. A stored Cross-Site Scripting (XSS) vulnerability exists in the parisneo/lollms-webui application due to improper validation of uploaded files in the profile picture upload functionality. Attackers can exploit this vulnerability by uploading malicious HTML files containing JavaScript code, which is executed when the file is accessed. This vulnerability […]
Source: nvd
CVE-2024-1600 | CRITICAL | CVSS 9.3 | ≥ 9.0, < 9.6 | 2024-04-10
CWE-98. A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the `/personalities` route. An attacker can exploit this vulnerability by crafting a URL that includes directory traversal sequences (`../../`) followed by the desired system file path, URL encoded. Successful exploitation allows the attack […]
Source: nvd
CVE-2024-1520 | CRITICAL | CVSS 9.8 | ≥ 9.0, < 9.2 | 2024-04-10
CWE-78. An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the 'discussion_id' parameter. Attackers can exploit this vulnerability by injecting malicious OS commands, leading to unauthorized command execution on the underlying operatin […]
Source: nvd
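CVE-2024-1520 (`/open_code_folder`, `discussion_id`) and CVE-2024-3126 (`run_xtts_api_server`, `subprocess.Popen`) are the same bug class: request data is interpolated into a command string that a shell then parses. The example below is added for this page and is not lollms-webui code. It contrasts the `shell=True` pattern with an argv-list call and with an allow-list on the parameter; `echo` stands in for the real folder opener so it runs without side effects, and the `discussions/` prefix and the numeric ID format are assumptions.

```python
import re
import subprocess

# 'echo' stands in for the real opener (xdg-open, explorer, open) so the
# example is side-effect free; only the command-construction pattern matters.
OPEN_CMD = "echo"

# Allow-list for the identifier: a decimal ID of bounded length. This is an
# assumption about the ID format; use whatever the application really issues.
DISCUSSION_ID_RE = re.compile(r"[0-9]{1,18}")


def open_folder_vulnerable(discussion_id: str) -> str:
    """Vulnerable pattern: request data interpolated into a shell command line.
    ';', '&&', '$(...)' and backticks are interpreted by /bin/sh."""
    cmd = f"{OPEN_CMD} discussions/{discussion_id}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def open_folder_argv(discussion_id: str) -> str:
    """No shell: the value travels as a single argv element, so shell
    metacharacters reach the program as literal text. There is still no
    validation, so an unexpected value is passed through unchanged."""
    argv = [OPEN_CMD, f"discussions/{discussion_id}"]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def open_folder_hardened(discussion_id: str) -> str:
    """Allow-list the parameter first, then call without a shell."""
    if not DISCUSSION_ID_RE.fullmatch(discussion_id):
        raise ValueError(f"invalid discussion id: {discussion_id!r}")
    argv = [OPEN_CMD, f"discussions/{discussion_id}"]
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


def accepts(discussion_id: str) -> bool:
    """True if the hardened version would run for this input."""
    try:
        open_folder_hardened(discussion_id)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    payload = "42; echo INJECTED"  # constructed injection payload
    print("shell=True  ->", repr(open_folder_vulnerable(payload)))
    print("argv list   ->", repr(open_folder_argv(payload)))
    print("hardened 42 ->", repr(open_folder_hardened("42")))
    print("hardened payload accepted?", accepts(payload))
```

With the payload `42; echo INJECTED`, the `shell=True` version prints two lines (the second command ran), the argv version prints the payload back as one literal argument, and the hardened version refuses it before anything executes. Where a shell genuinely cannot be avoided, as when a server launch line is assembled from several settings, each interpolated value should go through `shlex.quote` and still be validated against an allow-list.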
CVE-2024-1511 | CRITICAL | CVSS 9.8 | v9.0 | 2024-04-10
CWE-22. The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary files on the server by exploiting various endpoints. The vulnerability can be exploited even when t […]
Source: nvd
CVE-2024-1602 | MEDIUM | CVSS 6.1 | v9.0 | 2024-04-10
CWE-79. parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XSS) that leads to Remote Code Execution (RCE). The vulnerability arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaScript code. This code can be executed within the user's browser context, enabling the attacker to s […]
Source: nvd
CVE-2024-1522 | HIGH | CVSS 8.8 | ≥ 9.0, ≤ 9.2 | 2024-03-30
CWE-352. A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the `/execute_code` API endpoint, which does not properly validate requests, enabling an attacker to craft a malicious webpage that, when visited by a victim, submits […]
Source: nvd