PT-2024-19946 · Unknown · Parisneo/Lollms-Webui

Published: 2024-05-16 · Updated: 2025-07-09 · CVE-2024-2358

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui (affected versions not specified)
Description: A path traversal issue exists due to insufficient sanitization of user-supplied input in the configuration settings, specifically within the extensions parameter of the '/apply_settings' endpoint. An attacker can craft a payload containing relative path traversal sequences to navigate to arbitrary directories and load a malicious '__init__.py' file, leading to remote code execution.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Weakness Enumeration

Related Identifiers

CVE-2024-2358

Affected Products

Parisneo/Lollms-Webui