parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code execution due to insufficient sanitization of user-supplied input in the 'Database path' and 'PDF LaTeX path' settings. An attacker can exploit this vulnerability by manipulating these settings to execute arbitrary code on the targeted server. The issue affects the latest version of the software. The vulnerability stems from the application's handling of the 'discussion_db_name' and 'pdf_latex_path' parameters, which do not properly validate file paths, allowing for directory traversal. This vulnerability can also lead to further file exposure and other attack vectors by manipulating the 'discussion_db_name' parameter.
An attacker can manipulate the 'discussion_db_name' and 'pdf_latex_path' parameters, which are not properly validated for file paths. The lack of appropriate sanitization of user-supplied input enables path traversal (directory traversal) attacks. By properly crafting these parameters, it is possible to execute arbitrary code on the attacked server, as well as disclose system files and exploit additional attack vectors.
An attacker can remotely execute arbitrary code on the server (RCE), gain access to sensitive system files, and potentially take full control of the system, including threatening data confidentiality, integrity, and availability.
Apply patches available from the vendor according to references. It is recommended to monitor the parisneo/lollms-webui project repository and immediately implement updates that eliminate improper validation of 'discussion_db_name' and 'pdf_latex_path' parameters. Until the fix is applied, restrict access to the web interface to trusted users only.
parisneo/lollms-webui — the latest version of the software available at the time of vulnerability publication (2024-06-06)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HLollms Web Ui
APPLollmswszystkie wersje
Related vulnerabilities
SSRF i brak uwierzytelnienia w lollms-webui — dostęp do wewnętrznych zasobów
Path traversal w API install/uninstall lollms-webui V12 (Strawberry)
Path Traversal w lollms-webui umożliwia usunięcie dowolnego pliku
Path Traversal i DoS w endpoint /select_database aplikacji lollms-webui
Command Injection w lollms-webui — obejście zabezpieczeń i RCE