Description
In version v12 of parisneo/lollms-webui, the 'Send file to AI' function allows uploading files with arbitrary extensions, including executable ones such as .py, .sh and .bat. An attacker can upload a file with malicious content and then call the '/open_file' API endpoint, which passes the uploaded path to 'subprocess.Popen' without validating the path or its extension. Because the file is handed to the operating system's open action rather than read and returned, the uploaded script is executed, resulting in remote code execution on the server. Per the CVSS vector below, the attacker needs low-privileged access to the application (PR:L) and no user interaction (UI:N).
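The two halves of the bug described above, as an added example written for this page: the unsafe "hand the path to the OS" pattern, and a hardened upload check plus file-serving routine that confines the path to the upload root, allowlists extensions, and never spawns a process. This is illustrative code, not lollms-webui's source; the function names, the allowlist and the sample files are assumptions.

```python
"""Reconstruction of the CWE-434 / Popen pattern behind this advisory and a hardened
replacement. Example code for this page, not lollms-webui's own implementation.
All names, the extension allowlist and the sample files are assumptions."""
import pathlib
import subprocess
import sys
import tempfile

# Assumed allowlist for the hardened upload path. An allowlist is used rather than a
# denylist of .py/.sh/.bat because a denylist is bypassed by any extension it forgets
# (.pyw, .ps1, .cmd, ...).
ALLOWED_UPLOAD_EXTENSIONS = {".txt", ".md", ".pdf", ".png", ".jpg", ".csv"}


def open_file_vulnerable(path: str) -> subprocess.Popen:
    """The unsafe pattern: a user-controlled path is handed to the OS 'open' action.
    'start' on Windows and 'xdg-open' on Linux dispatch by file association, so an
    uploaded .bat/.py/.sh runs. Nothing checks the path or extension. The exact
    Popen invocation used by the project is not reproduced here; this is the shape
    of the defect. Never called by the demo or the tests."""
    if sys.platform.startswith("win"):
        return subprocess.Popen(["cmd", "/c", "start", "", path])
    return subprocess.Popen(["xdg-open", path])


def is_allowed_upload(filename: str) -> bool:
    """Upload-side check: only the final suffix counts (so 'notes.txt.py' is a .py)
    and comparison is case-insensitive (so 'EVIL.SH' is a .sh)."""
    suffix = pathlib.PurePosixPath(filename).suffix.lower()
    return suffix in ALLOWED_UPLOAD_EXTENSIONS


def resolve_under_root(user_path: str, root: str) -> pathlib.Path:
    """Resolve user_path beneath root and refuse anything that ends up outside it,
    which catches '../' traversal, absolute paths and symlink escapes."""
    root_p = pathlib.Path(root).resolve()
    target = (root_p / user_path).resolve()
    if target != root_p and root_p not in target.parents:
        raise ValueError(f"path escapes upload root: {user_path!r}")
    return target


def open_file_hardened(user_path: str, root: str) -> bytes:
    """Hardened replacement for the endpoint: no subprocess at all. Confine the
    path, allowlist the extension, then return bytes for the web layer to serve
    (with Content-Disposition: attachment so the browser does not render it)."""
    target = resolve_under_root(user_path, root)
    if target.suffix.lower() not in ALLOWED_UPLOAD_EXTENSIONS:
        raise ValueError(f"extension not allowed: {target.suffix!r}")
    if not target.is_file():
        raise FileNotFoundError(user_path)
    return target.read_bytes()


def classify_open_request(user_path: str, root: str) -> str:
    """Map a request through the hardened logic to one outcome:
    'traversal', 'extension', 'missing' or 'served'."""
    try:
        resolve_under_root(user_path, root)
    except ValueError:
        return "traversal"
    try:
        open_file_hardened(user_path, root)
    except ValueError:
        return "extension"
    except FileNotFoundError:
        return "missing"
    return "served"


def make_sample_root() -> str:
    """Create a temporary upload root holding two constructed files: a benign note
    and the kind of script an attacker would upload. The script is never run."""
    root = tempfile.mkdtemp(prefix="open_file_example_")
    (pathlib.Path(root) / "readme.txt").write_text("hello from a constructed sample file\n")
    (pathlib.Path(root) / "payload.py").write_text(
        "import os; os.system('id')  # constructed attacker upload, never executed\n"
    )
    return root


if __name__ == "__main__":
    sample_root = make_sample_root()
    for req in ["readme.txt", "payload.py", "../../etc/passwd", "missing.txt"]:
        print(f"/open_file {req!r:20} -> {classify_open_request(req, sample_root)}")
    for name in ["notes.txt", "evil.py", "notes.txt.py", "EVIL.SH"]:
        print(f"upload {name!r:16} allowed={is_allowed_upload(name)}")
```

The fix that matters is that the endpoint returns file contents instead of launching anything; the extension allowlist and root confinement are defence in depth, since a file that is only ever read cannot be executed by the server regardless of its name.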
References (1)
Exploit, Third Party Advisory: https://huntr.com/bounties/c70c6732-23b3-4ef8-aec6-0a47467d1ed5
Scores
CVSS v3: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Attack Vector: NETWORK
EPSS: 0.0153 (percentile 81.4%)
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: no
Technical Impact: total
Details
CWE: CWE-434
Status: published
Products (1): lollms/lollms_web_ui 12
Published: Mar 20, 2025
Tracked Since: Feb 18, 2026