PT-2024-18108 · Unknown · Parisneo/Lollms-Webui

Published 2024-04-10 · Updated 2025-07-09 · CVE-2024-1520

CVSS v3.1 9.8 Critical

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

parisneo/lollms-webui (affected versions not specified)

Description

An issue exists in the '/open code folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the discussion id parameter. Attackers can exploit this by injecting malicious OS commands, leading to unauthorized command execution on the underlying operating system. This could result in unauthorized access, data leakage, or complete system compromise.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this issue.

Weakness Enumeration

OS Command Injection

Related Identifiers

CVE-2024-1520

Affected Products

Parisneo/Lollms-Webui