Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Remote Code Execution via `/apply_settings` and `/execute_code` in parisneo/lollms-webui
Vulnerability Description
A vulnerability in parisneo/lollms-webui versions up to 9.3 allows remote attackers to execute arbitrary code. The vulnerability stems from insufficient protection of the `/apply_settings` and `/execute_code` endpoints. Attackers can bypass protections by setting the host to localhost, enabling code execution, and disabling code validation through the `/apply_settings` endpoint. Subsequently, arbitrary commands can be executed remotely via the `/execute_code` endpoint, exploiting the delay in settings enforcement. This issue was addressed in version 9.5.
CVSS Information
N/A
Vulnerability Type
系统设置或配置在外部可控制
Vulnerability Title
LoLLMs 安全漏洞
Vulnerability Description
LoLLMs是Saifeddine ALOUI个人开发者的一个大型语言多模式系统的 Web UI。 LoLLMs 9.3之前版本存在安全漏洞,该漏洞源于对 /apply_settings 和 /execute_code 端点的保护不足,允许远程攻击者执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A