mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
883 B
883 B
CVE-2024-10019
Description
A vulnerability in the start_app_server function of parisneo/lollms-webui V12 (Strawberry) allows for path traversal and OS command injection. The function does not properly sanitize the app_name parameter, enabling an attacker to upload a malicious server.py file and execute arbitrary code by exploiting the path traversal vulnerability.
POC
Reference
No PoCs from references.