CVE-2024-1520
Published: 10 April 2024
Summary
CVE-2024-1520 is a critical-severity OS Command Injection (CWE-78) vulnerability in Lollms Lollms Web Ui. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 6.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the Other ATLAS/OWASP Terms risk domain; MITRE ATLAS techniques in scope: AI Model Inference API Access (AML.T0040), Exfiltration via AI Inference API (AML.T0024), External Harms (AML.T0048).
Deeper analysis
An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application. The flaw stems from insufficient validation of user-supplied input in the 'discussion_id' parameter and is tracked as CWE-78. It carries a CVSS 3.0 score of 9.8, reflecting network-accessible exploitation with no required authentication or user interaction.
Unauthenticated remote attackers can supply crafted values to the endpoint that inject and execute arbitrary operating-system commands. Successful exploitation grants the ability to read or modify data, escalate privileges, or achieve full control of the underlying host.
A fix addressing the input-handling issue was merged in commit 2497d1a4fe5a09f003bf7a9bc426139e9295a934 of the upstream repository. The associated huntr.dev report provides additional technical detail on the vulnerable code path. The EPSS score has remained essentially flat near 0.11 with no material post-disclosure increase.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-17268
Vulnerability details
An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the 'discussion_id' parameter. Attackers can exploit this vulnerability by injecting malicious OS commands, leading to unauthorized command execution…
more
on the underlying operating system. This could result in unauthorized access, data leakage, or complete system compromise.
- CWE(s)
AI Security AnalysisAI
- AI Category
- Enterprise AI Assistants
- Risk Domain
- Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- The vulnerability affects parisneo/lollms-webui, a web UI platform for large language models (LLMs) and multimodal models, enabling AI assistants and agents, categorized under Enterprise AI Assistants. Reported on an AI/ML bug bounty platform (huntr.com).
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OS command injection in public-facing web endpoint (T1190: Exploit Public-Facing Application) enables arbitrary OS command execution (T1059: Command and Scripting Interpreter).
MITRE ATLAS TechniquesAI
MITRE ATLAS techniques
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.