Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unrestricted File Upload and Execution in parisneo/lollms-webui
Vulnerability Description
In version v12 of parisneo/lollms-webui, the 'Send file to AL' function allows uploading files with various extensions, including potentially dangerous ones like .py, .sh, .bat, and more. Attackers can exploit this by uploading files with malicious content and then using the '/open_file' API endpoint to execute these files. The vulnerability arises from the use of 'subprocess.Popen' to open files without proper validation, leading to potential remote code execution.
CVSS Information
N/A
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
LoLLMs Web UI 代码问题漏洞
Vulnerability Description
LoLLMs Web UI是Saifeddine ALOUI个人开发者的一个大型语言与多模态系统的 Web 用户界面。 LoLLMs Web UI v12版本存在代码问题漏洞,该漏洞源于Send file to AL功能允许上传危险文件,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A