Parisneo Lollms vulnerabilities
28 known vulnerabilities affecting parisneo/parisneo_lollms.
Total CVEs: 28
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 14, MEDIUM 5, LOW 1
Vulnerabilities
Page 2 of 2
CVE-2024-6085 | HIGH | CVSS 8.6 | CWE-22 | ≥ unspecified, ≤ latest | 2024-06-27
A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings change. Although the read file endpoint is protected against path traversals, this protection can be bypassed by changing the root folder to '/'. This allows a
nvd
CVE-2024-4499 | MEDIUM | CVSS 6.3 | CWE-352 | ≥ unspecified, ≤ latest | 2024-06-24
A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax CORS policy. The vulnerability allows attackers to perform unauthorized actions by tricking a user into visiting a malicious webpage, which can then trigger arbitrary LoLLMS-XTTS API requests. This issue can lead to the reading and w
nvd
CVE-2024-3121 | LOW | CVSS 3.3 | CWE-94 | ≥ unspecified, ≤ latest | 2024-06-24
A remote code execution vulnerability exists in the create_conda_env function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the env_name and python_version parameters. This issue could lead to a se
nvd
CVE-2024-4315 | CRITICAL | CVSS 9.1 | CWE-22 | ≥ unspecified, < 9.8 | 2024-06-12
parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The `sanitize_path_from_endpoint` function fails to properly sanitize Windows-style paths (backward slash `\`), allowing attackers to perform directory traversal attacks on Windows systems. This vulnerability can be exploited through
nvd
CVE-2024-4320 | CRITICAL | CVSS 9.8 | CWE-29 | ≥ unspecified, < 9.8 | 2024-06-06
A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the parisneo/lollms-webui application, specifically within the `@router.post("/install_extension")` route handler. The vulnerability arises due to improper handling of the `name` parameter in the `ExtensionBuilder().build_extension()` method, which allows for l
nvd
CVE-2024-3429 | CRITICAL | CVSS 9.8 | CWE-29 | ≥ unspecified, < 9.6 | 2024-06-06
A path traversal vulnerability exists in the parisneo/lollms application, specifically within the `sanitize_path_from_endpoint` and `sanitize_path` functions in `lollms_core\lollms\security.py`. This vulnerability allows for arbitrary file reading when the application is running on Windows. The issue arises due to insufficient sanitization of user-su
nvd
CVE-2024-4881 | HIGH | CVSS 7.5 | CWE-36 | ≥ unspecified, < 5.9.0 | 2024-06-06
A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse beyond the intended directory and read any file on the Wind
nvd
CVE-2024-4078 | CRITICAL | CVSS 9.8 | CWE-77 | ≥ unspecified, < main | 2024-05-16
A vulnerability in the parisneo/lollms, specifically in the `/unInstall_binding` endpoint, allows for arbitrary code execution due to insufficient sanitization of user input. The issue arises from the lack of path sanitization when handling the `name` parameter in the `unInstall_binding` function, allowing an attacker to traverse directories and exec
nvd