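Vulnerability Information
Although we use advanced large language model technology, its output may still contain inaccurate or outdated information. Shenlong strives to ensure the accuracy of the data, but please verify and judge it against your actual situation.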
Vulnerability Title
SSRF in add_webpage endpoint in parisneo/lollms-webui
Vulnerability Description
A Server-Side Request Forgery (SSRF) vulnerability exists in the 'add_webpage' endpoint of the parisneo/lollms-webui application, affecting the latest version. The vulnerability arises because the application does not adequately validate URLs entered by users, allowing them to input arbitrary URLs, including those that target internal resources such as 'localhost' or '127.0.0.1'. This flaw enables attackers to make unauthorized requests to internal or external systems, potentially leading to access to sensitive data, service disruption, network integrity compromise, business logic manipulation, and abuse of third-party resources. The issue is critical and requires immediate attention to maintain the application's security and integrity.
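One way to validate a user-supplied URL before a server-side fetch such as the one 'add_webpage' performs, shown as an added example (it is not code from lollms-webui or from this advisory). The function names, the allowed schemes, and the offline lookup table are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: only web pages are fetched

def system_resolver(host, port):
    """All addresses the OS would connect to for host (performs DNS lookups)."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}

def check_fetch_url(url, resolver=system_resolver):
    """Return (allowed, reason); allowed only if every resolved address is public."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "malformed URL"
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if not parts.hostname:
        return False, "missing host"
    try:
        addrs = resolver(parts.hostname, port or (443 if scheme == "https" else 80))
        # Judge the resolved addresses, not the hostname string the user typed.
        ips = [ipaddress.ip_address(a.split("%")[0]) for a in addrs]  # drop zone id
    except (OSError, ValueError):
        return False, "host does not resolve"
    if not ips:
        return False, "host does not resolve"
    for ip in ips:
        if ip.version == 6 and ip.ipv4_mapped:
            ip = ip.ipv4_mapped  # judge ::ffff:a.b.c.d by its IPv4 address
        if not ip.is_global:  # loopback, private, link-local, reserved ranges
            return False, f"resolves to non-public address {ip}"
    return True, "ok"

# Constructed lookup table standing in for DNS so the example runs offline.
SAMPLE_DNS = {
    "localhost": {"127.0.0.1"},
    "docs.example.test": {"93.184.216.34"},
    "intranet.example.test": {"93.184.216.34", "10.0.0.5"},
}

def sample_resolver(host, port):
    """Hypothetical resolver: table lookup, IP literals returned unchanged."""
    return SAMPLE_DNS.get(host, {host})
```

The fetch must then connect to the address that was validated and repeat the check on every redirect target; otherwise a second DNS lookup or a redirect can still reach an internal host.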
CVSS Information
N/A
Vulnerability Type
Server-Side Request Forgery (SSRF)
Vulnerability Title
LoLLMs code issue vulnerability
Vulnerability Description
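LoLLMs is a web UI for a large language multimodal system, developed by the individual developer Saifeddine ALOUI. LoLLMs contains a code issue vulnerability that stems from insufficient validation of user-supplied URLs, resulting in a server-side request forgery (SSRF) vulnerability. An attacker can make unauthorized requests to internal or external systems, leading to service disruption, compromised network integrity, and abuse of third-party resources.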
CVSS Information
N/A
Vulnerability Type
N/A