Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Remote Code Execution in parisneo/lollms-webui
Vulnerability Description
A remote code execution vulnerability exists in the parisneo/lollms-webui application, specifically within the reinstall_binding functionality in lollms_core/lollms/server/endpoints/lollms_binding_infos.py of the latest version. The vulnerability arises due to insufficient path sanitization, allowing an attacker to exploit path traversal to navigate to arbitrary directories. By manipulating the binding_path to point to a controlled directory and uploading a malicious __init__.py file, an attacker can execute arbitrary code on the server.
CVSS Information
N/A
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
LoLLMs 命令注入漏洞
Vulnerability Description
LoLLMs是Saifeddine ALOUI个人开发者的一个大型语言多模式系统的 Web UI。 LoLLMs 存在命令注入漏洞,该漏洞源于 lollms_core/lollms/server/endpoints/lollms_binding_infos.py 中的 reinstall_binding 函数存在远程执行代码漏洞。
CVSS Information
N/A
Vulnerability Type
N/A