Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-3435 PoC — Path Traversal in parisneo/lollms-webui

Source
https://github.com/ymuraki-csc/cve-2024-3435
Associated Vulnerability
Title:Path Traversal in parisneo/lollms-webui (CVE-2024-3435)
Description:A path traversal vulnerability exists in the 'save_settings' endpoint of the parisneo/lollms-webui application, affecting versions up to the latest release before 9.5. The vulnerability arises due to insufficient sanitization of the 'config' parameter in the 'apply_settings' function, allowing an attacker to manipulate the application's configuration by sending specially crafted JSON payloads. This could lead to remote code execution (RCE) by bypassing existing patches designed to mitigate such vulnerabilities.
Readme
This is a [Next.js](https://nextjs.org/) project bootstrapped with [`create-next-app`](https://github.com/vercel/next.js/tree/canary/packages/create-next-app).

## Getting Started

First, run the development server:

```bash
npm run dev
# or
yarn dev
# or
pnpm dev
# or
bun dev
```

Open [http://localhost:3000](http://localhost:3000) with your browser to see the result.

You can start editing the page by modifying `app/page.tsx`. The page auto-updates as you edit the file.

This project uses [`next/font`](https://nextjs.org/docs/basic-features/font-optimization) to automatically optimize and load Inter, a custom Google Font.

## Learn More

To learn more about Next.js, take a look at the following resources:

- [Next.js Documentation](https://nextjs.org/docs) - learn about Next.js features and API.
- [Learn Next.js](https://nextjs.org/learn) - an interactive Next.js tutorial.

You can check out [the Next.js GitHub repository](https://github.com/vercel/next.js/) - your feedback and contributions are welcome!

## Deploy on Vercel

The easiest way to deploy your Next.js app is to use the [Vercel Platform](https://vercel.com/new?utm_medium=default-template&filter=next.js&utm_source=create-next-app&utm_campaign=create-next-app-readme) from the creators of Next.js.

Check out our [Next.js deployment documentation](https://nextjs.org/docs/deployment) for more details.
File Snapshot

 [4.0K]  /data/pocs/14de19663aa2967ffa9f144e1c3ad9b775f18cdc
├── [4.0K]  app
│   ├── [ 25K]  favicon.ico
│   ├── [2.2K]  globals.css
│   ├── [ 473]  layout.tsx
│   ├── [3.8K]  page.module.css
│   ├── [ 353]  page.tsx
│   └── [4.0K]  redirect
│       └── [ 145]  page.tsx
├── [  92]  next.config.mjs
├── [ 473]  package.json
├── [ 88K]  pnpm-lock.yaml
├── [4.0K]  public
│   ├── [1.3K]  next.svg
│   └── [ 629]  vercel.svg
├── [1.4K]  README.md
└── [ 574]  tsconfig.json

3 directories, 13 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →