VYPR
Unrated severity · NVD Advisory · Published Mar 20, 2025 · Updated Oct 15, 2025

Path Traversal and OS Command Injection in parisneo/lollms-webui

CVE-2024-10019

Description

A vulnerability in the start_app_server function of parisneo/lollms-webui V12 (Strawberry) allows for path traversal and OS command injection. The function does not properly sanitize the app_name parameter, enabling an attacker to upload a malicious server.py file and execute arbitrary code by exploiting the path traversal vulnerability.
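
The check the description says is missing can be sketched as follows. This is an added example, not code from lollms-webui: the function names `resolve_app_dir` and `build_server_argv`, the one-directory-per-app layout under an apps root, and the name allow-list are all assumptions made for illustration.

```python
import re
import sys
import tempfile
from pathlib import Path

# Assumed allow-list: no path separators, dots, spaces or shell metacharacters.
APP_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")

def resolve_app_dir(apps_root, app_name):
    """Return the directory for app_name, or raise ValueError if it could leave apps_root."""
    if not isinstance(app_name, str) or not APP_NAME_RE.fullmatch(app_name):
        raise ValueError(f"invalid app name: {app_name!r}")
    root = Path(apps_root).resolve()
    candidate = (root / app_name).resolve()
    # Re-check after resolution: a symlink inside the root can still point outside it.
    if candidate.parent != root:
        raise ValueError(f"app directory escapes apps root: {app_name!r}")
    return candidate

def build_server_argv(apps_root, app_name):
    """Build an argv list for the app's server.py once the path has been validated."""
    server = resolve_app_dir(apps_root, app_name) / "server.py"
    if not server.is_file():
        raise ValueError(f"no server.py for app {app_name!r}")
    # Passing a list to subprocess.Popen (shell=False) means no shell parses the name.
    return [sys.executable, str(server)]

def demo():
    """Check constructed app names against a throwaway directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        apps_root = Path(tmp) / "apps"
        (apps_root / "notes").mkdir(parents=True)
        (apps_root / "notes" / "server.py").write_text("print('ok')\n")
        # A server.py that exists on disk but outside the apps root.
        (Path(tmp) / "uploads").mkdir()
        (Path(tmp) / "uploads" / "server.py").write_text("print('outside')\n")
        for name in ["notes", "../uploads", "notes/../../uploads", "notes;x", ""]:
            try:
                build_server_argv(apps_root, name)
                results[name] = "accepted"
            except ValueError:
                results[name] = "rejected"
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name!r}: {verdict}")
```

The allow-list rejects traversal sequences before any filesystem access, and the post-resolution parent check covers names that pass the pattern but resolve elsewhere.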

Affected products

  • Lollms/Lollms (llm-fuzzy), 2 versions
    • (no CPE) range: V12 (Strawberry) or specifically V12 (Strawberry) in the description
    • (no CPE) range: unspecified
