PT-2024-18110 · Unknown · Lollms-Webui

Published: 2024-03-30 · Updated: 2024-04-16 · CVE-2024-1522

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: lollms-webui (affected versions not specified)

Description: A Cross-Site Request Forgery (CSRF) issue in the lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The issue stems from the "/execute_code" API endpoint, which does not validate that a request originates from the application's own pages. An attacker can therefore craft a malicious web page that, when visited by a victim, submits a form to the victim's local lollms-webui instance and executes arbitrary OS commands, giving the attacker full control of the victim's system without requiring direct network access to the vulnerable application.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
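The root cause above is a state-changing endpoint that accepts any browser-submitted form, regardless of where the page came from. The following added illustration (written for this advisory; it is not lollms-webui's own code and does not reproduce its API) shows the kind of request-origin gate such an endpoint needs: it refuses POSTs whose Sec-Fetch-Site, Origin or Referer headers show they came from a foreign site, and allows only requests from the application's own origin. The trusted origins, port 9600, and the header values in the demo are constructed assumptions.

```python
"""Origin-based CSRF gate for a localhost-bound "execute code" style endpoint.

Added example for the CSRF issue described in this advisory. Not lollms-webui
code; the origins, port and sample headers below are constructed for the demo.
"""
from __future__ import annotations

from urllib.parse import urlsplit

# Assumption: the UI is served from one of these origins. A cross-site form
# post carries the attacker page's origin, which will never match.
TRUSTED_ORIGINS = {"http://localhost:9600", "http://127.0.0.1:9600"}

# Only requests that can change state need the check; GET must stay side-effect free.
STATE_CHANGING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def is_cross_site_request(method: str, headers: dict[str, str]) -> tuple[bool, str]:
    """Return (reject, reason). reject=True means the request must be refused."""
    if method.upper() not in STATE_CHANGING_METHODS:
        return False, "safe method"

    h = {k.lower(): v for k, v in headers.items()}

    # Sec-Fetch-Site is attached by the browser itself and cannot be set or
    # suppressed by page script, so it is the most reliable signal when present.
    sfs = h.get("sec-fetch-site")
    if sfs in ("cross-site", "same-site"):
        return True, f"Sec-Fetch-Site={sfs}"

    # Fall back to Origin, then to the origin part of Referer (older browsers
    # omit Sec-Fetch-Site; browsers always send Origin on cross-origin POSTs).
    origin = h.get("origin")
    if origin is None:
        referer = h.get("referer")
        if referer is None:
            # A browser form post always carries one of the two; a request with
            # neither is treated as untrusted. Non-browser API clients should
            # authenticate with a token instead of relying on this path.
            return True, "no Origin or Referer header"
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"

    if origin not in TRUSTED_ORIGINS:
        return True, f"untrusted Origin {origin}"
    return False, f"trusted origin {origin}"


def gate_execute_code(method: str, headers: dict[str, str]) -> dict[str, object]:
    """Hypothetical handler front for an /execute_code style route.

    Returns a minimal response dict; the real code-execution step is deliberately
    not implemented here, the point is the decision made before it.
    """
    reject, reason = is_cross_site_request(method, headers)
    if reject:
        return {"status": 403, "body": f"refused: {reason}"}
    return {"status": 200, "body": "request accepted from the application's own origin"}


if __name__ == "__main__":
    # Constructed sample requests: one forged from a foreign page, one legitimate.
    forged = {"Origin": "http://evil.example", "Sec-Fetch-Site": "cross-site"}
    legit = {"Origin": "http://localhost:9600", "Sec-Fetch-Site": "same-origin"}
    print(gate_execute_code("POST", forged))  # status 403
    print(gate_execute_code("POST", legit))   # status 200
```

The check is cheap and has no dependency on session state, which makes it a reasonable first mitigation for a locally hosted tool; a per-session CSRF token is the usual complement, and the endpoint should additionally require authentication rather than trusting anything that reaches the loopback interface.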

Exploit: CSRF

Weakness Enumeration: (none listed)

Related Identifiers: CVE-2024-1522

Affected Products: Lollms-Webui