CVE-2024-1520

EUVD-2024-17268

10.04.2024, 17:15

An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the 'discussion_id' parameter. Attackers can exploit this vulnerability by injecting malicious OS commands, leading to unauthorized command execution on the underlying operating system. This could result in unauthorized access, data leakage, or complete system compromise.

OS Command Injection

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
@huntr_ai	CNA	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 93%

Affected Products (NVD)

Vendor	Product	Version
lollms	lollms_web_ui	9.0 ≤ 𝑥 < 9.2

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References

https://github.com/parisneo/lollms-webui/commit/2497d1a4fe5a09f003bf7a9bc426139e9295a934

https://huntr.com/bounties/405c2059-3fe9-4233-8eed-741ec847d181

https://github.com/parisneo/lollms-webui/commit/2497d1a4fe5a09f003bf7a9bc426139e9295a934

https://huntr.com/bounties/405c2059-3fe9-4233-8eed-741ec847d181