CVE-2024-7034

HIGH

7.2

Beschreibung

In open-webui version 0.3.8, the endpoint `/models/upload` is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of `file_path = f"{UPLOAD_DIR}/{file.filename}"` without proper input validation or sanitization. An attacker can exploit this by manipulating the `file.filename` parameter to include directory traversal sequences, causing the resulting `file_path` to escape the intended `UPLOAD_DIR` and potentially overwrite arbitrary files on the system. This can lead to unauthorized modifications of system binaries, configuration files, or sensitive data, potentially enabling remote command execution.

CVE Details

CVSS v3.1 Bewertung7.2

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienHIGH

BenutzerinteraktionNONE

Veroffentlicht3/20/2025

Zuletzt geandert7/29/2025

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

openwebui:open_webui

Schwachen (CWE)

CWE-22

Referenzen

https://huntr.com/bounties/711beada-10fe-4567-9278-80a689da8613(security@huntr.dev)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.