CVE-2024-10019
Path Traversal and OS Command Injection in parisneo/lollms-webui
A vulnerability in the `start_app_server` function of parisneo/lollms-webui V12 (Strawberry) allows for path traversal and OS command injection. The function does not properly sanitize the `app_name` parameter, enabling an attacker to upload a malicious `server.py` file and execute arbitrary code by exploiting the path traversal vulnerability.
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
Produtos afetados
parisneo · parisneo/lollms-webuiQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →