๐ CVE-2024-1601 | parisneo lollms-webui up to 9.1 HTTP POST Request /delete_discussion id sql injection
๐ก Newskategorie: Sicherheitslรผcken
๐ Quelle: vuldb.com
A vulnerability was found in parisneo lollms-webui up to 9.1. It has been classified as critical. Affected is the function delete_discussion
of the file /delete_discussion of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection.
This vulnerability is traded as CVE-2024-1601. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component. ...