parisneo Lollms-Webui Missing Authentication Vulnerability in Uninstall Endpoint Allowing Unauthorized Directory Deletions

Vulnerability

A vulnerability exists in parisneo/lollms-webui version 13, where the uninstall endpoint lacks proper authentication checks. The /uninstall/{app_name} API endpoint fails to verify the client_id, allowing attackers to delete directories without authorization.

Impact

Exploitation of this vulnerability allows for unauthorized directory deletions.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

8.4

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

8.4

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

parisneo Lollms-Webui Missing Authentication Vulnerability in Uninstall Endpoint Allowing Unauthorized Directory Deletions

Vulnerability

Impact

Affected Products

parisneo/lollms-webui

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating