CVE-2024-7034 Information
Mar 21, 2025
cve
Description
In open-webui version 0.3.8 the endpoint /models/upload is vulnerable to arbitrary file write due to improper handling of user-supplied filenames. The vulnerability arises from the usage of file_path = f"{UPLOAD_DIR}/{file.filename}" without proper input validation or sanitization. An attacker can exploit this by manipulating the file.filename parameter to include directory traversal sequences, causing the resulting file_path to escape the intended UPLOAD_DIR and potentially overwrite arbitrary files on the system. This can lead to unauthorized modification of system binaries, configuration files or sensitive data, potentially enabling remote command execution.
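The hardened counterpart to the pattern described above, written here as an added example rather than open-webui's own code or its fix: the client-supplied filename is reduced to a bare basename, and the resolved destination is then checked for containment inside the upload root as a second, independent control. The helper names, the UPLOAD_DIR value and the sample filenames are assumptions constructed for this illustration.

```python
"""
Added example (not open-webui's code): safe handling of a user-supplied
filename for an upload endpoint, as a defensive counterpart to the
vulnerable pattern file_path = f"{UPLOAD_DIR}/{file.filename}".
"""
import os
import re
from pathlib import Path

# Constructed upload root for this example; a real service uses its own.
UPLOAD_DIR = Path("/tmp/example_uploads")

# Anything outside a conservative allow-list is replaced with "_".
_DISALLOWED_CHARS = re.compile(r"[^A-Za-z0-9._-]")


def sanitize_filename(filename: str) -> str:
    """Reduce a client-supplied filename to a safe basename.

    Drops every directory component (treating both "/" and "\\" as
    separators, since a client may send Windows-style paths), replaces
    characters outside the allow-list and refuses empty or dot-only names
    such as "." or "..", which would still resolve to directories.
    """
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    name = _DISALLOWED_CHARS.sub("_", name)
    if not name.strip("."):
        raise ValueError("invalid filename")
    return name


def safe_upload_path(upload_dir: Path, filename: str) -> Path:
    """Return a destination path that is guaranteed to stay inside upload_dir.

    Sanitising alone is the primary control; the containment check on the
    resolved paths is defence in depth so that a future change to the
    sanitiser (or a symlink inside the upload root) cannot silently
    reintroduce an escape.
    """
    root = upload_dir.resolve()
    target = (root / sanitize_filename(filename)).resolve()
    if root not in target.parents:
        raise ValueError("path escapes upload directory")
    return target


def is_traversal_attempt(filename: str) -> bool:
    """Detection helper for logging or alerting on upload requests.

    Returns True when the raw filename, joined to UPLOAD_DIR exactly as the
    unsanitised pattern would join it, normalises to a location outside
    the upload root (relative traversal, absolute paths, or "..").
    """
    normalised = filename.replace("\\", "/")
    joined = os.path.normpath(os.path.join(str(UPLOAD_DIR), normalised))
    return not joined.startswith(str(UPLOAD_DIR) + os.sep)


if __name__ == "__main__":
    # Constructed sample inputs: one benign upload and two that would have
    # escaped UPLOAD_DIR under the original pattern.
    for candidate in ("model.gguf", "../../etc/passwd", "/etc/passwd"):
        flagged = is_traversal_attempt(candidate)
        dest = safe_upload_path(UPLOAD_DIR, candidate)
        print(f"{candidate!r}: traversal={flagged}, stored as {dest}")
```

The detection helper is deliberately separate from the write path: it reproduces the original join so that a request which would have escaped the directory can be logged as an attack indicator even though the sanitised write never leaves UPLOAD_DIR.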
Reference
https://huntr.com/bounties/711beada-10fe-4567-9278-80a689da8613