Parisneo Lollms-Webui vulnerabilities

CVE-2024-4322 [HIGH] CWE-29 CVE-2024-4322: A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `/list_personalities` endpoint. By manipulating the `category` parameter, an attacker can traverse the directory structure and list any directory on the system. This issue affects the latest version of the application. The vulnerability is due to improp

CVE-2024-3435 [HIGH] CWE-29 CVE-2024-3435: A path traversal vulnerability exists in the 'save_settings' endpoint of the parisneo/lollms-webui a A path traversal vulnerability exists in the 'save_settings' endpoint of the parisneo/lollms-webui application, affecting versions up to the latest release before 9.5. The vulnerability arises due to insufficient sanitization of the 'config' parameter in the 'apply_settings' function, allowing an attacker to manipulate the application's configuration by

CVE-2024-34359 [CRITICAL] CWE-76 CVE-2024-34359: llama-cpp-python is the Python bindings for llama.cpp. `llama-cpp-python` depends on class `Llama` i llama-cpp-python is the Python bindings for llama.cpp. `llama-cpp-python` depends on class `Llama` in `llama.py` to load `.gguf` llama.cpp or Latency Machine Learning Models. The `__init__` constructor built in the `Llama` takes several parameters to configure the loading and running of the model. Other than `NUMA, LoRa settings`, `loading tokenize

CVE-2024-2299 [MEDIUM] CWE-79 CVE-2024-2299: A stored Cross-Site Scripting (XSS) vulnerability exists in the parisneo/lollms-webui application du A stored Cross-Site Scripting (XSS) vulnerability exists in the parisneo/lollms-webui application due to improper validation of uploaded files in the profile picture upload functionality. Attackers can exploit this vulnerability by uploading malicious HTML files containing JavaScript code, which is executed when the file is accessed. This vulnerability

CVE-2024-1601 [CRITICAL] CWE-89 CVE-2024-1601: An SQL injection vulnerability exists in the `delete_discussion()` function of the parisneo/lollms-w An SQL injection vulnerability exists in the `delete_discussion()` function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability is exploitable via a crafted HTTP POST request to the `/delete_discussion` endpoint, which internally calls the vulnerable `delete_discussion()` functi

CVE-2024-1646 [HIGH] CWE-288 CVE-2024-1646: parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sen parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized access to endpoints such as '/restart_program', '/update_s

CVE-2024-1569 [HIGH] CWE-400 CVE-2024-1569: parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the `/open_code_in_vs_code` and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the default folder opener (e.g., File Explorer, xdg-open)

CVE-2024-1600 [CRITICAL] CWE-98 CVE-2024-1600: A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specific A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the `/personalities` route. An attacker can exploit this vulnerability by crafting a URL that includes directory traversal sequences (`../../`) followed by the desired system file path, URL encoded. Successful exploitation allows the attack

CVE-2024-1520 [CRITICAL] CWE-78 CVE-2024-1520: An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lol An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the 'discussion_id' parameter. Attackers can exploit this vulnerability by injecting malicious OS commands, leading to unauthorized command execution on the underlying operatin

CVE-2024-1511 [CRITICAL] CWE-22 CVE-2024-1511: The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequ The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary files on the server by exploiting various endpoints. The vulnerability can be exploited even when t

CVE-2024-1602 [MEDIUM] CWE-79 CVE-2024-1602: parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XSS) that leads to Remote Code E parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XSS) that leads to Remote Code Execution (RCE). The vulnerability arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaScript code. This code can be executed within the user's browser context, enabling the attacker to s

CVE-2024-1522 [HIGH] CWE-352 CVE-2024-1522: A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the `/execute_code` API endpoint, which does not properly validate requests, enabling an attacker to craft a malicious webpage that, when visited by a victim, submits