Parisneo Lollms Arbitrary Binding Manipulation Vulnerability in Lollms Binding Infos Module

Vulnerability

A vulnerability in the lollms_binding_infos module of the parisneo/lollms repository, version V14, allows attackers to arbitrarily add, modify, and remove bindings. This issue arises from a missing access check in the binding management endpoints, enabling unauthorized manipulation of binding settings without the need for a client_id.

Impact

Exploitation of this vulnerability could lead to unauthorized access and manipulation of binding settings, allowing attackers to disrupt or alter the functionality of the application by mismanaging bindings.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Parisneo Lollms Arbitrary Binding Manipulation Vulnerability in Lollms Binding Infos Module

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating