## https://sploitus.com/exploit?id=15417D20-B4F1-5820-A3FB-1CCBE882BDD6
# CVE-2024-3121 - Remote Code Execution (RCE) in `parisneo/lollms`
**Discovered by:** Syed Jan Muhammad Zaidi
**GitHub:** [dark-ninja10](https://github.com/dark-ninja10)
**CVE ID:** CVE-2024-3121
**Repository Affected:** [parisneo/lollms](https://github.com/ParisNeo/lollms)
---
## ๐งจ Vulnerability Summary
A **Remote Code Execution (RCE)** vulnerability exists in the `create_conda_env` function of the `lollms` framework. This function constructs a system command using unsanitized input, allowing attackers to inject arbitrary commands and gain code execution on the host.
---
## ๐ฅ Impact
An attacker with access to the `env_name` input parameter can execute arbitrary OS-level commands. This can result in:
- Complete system compromise
- Unauthorized data access or modification
- Installation of backdoors, malware, or crypto miners
- Lateral movement within the network
---
## ๐ฃ Vulnerable Code
```python
process = subprocess.Popen(f'{conda_path} create --name {env_name} python={python_version} -y', shell=True)
```
Issue: The env_name variable is directly interpolated into a shell command without input validation or escaping, making it susceptible to shell injection.
## ๐ท๏ธ References
[CVE-2024-3121 - NVD](https://nvd.nist.gov/vuln/detail/CVE-2024-3121)
[parisneo/lollms](https://github.com/ParisNeo/lollms)
[Full Huntr report](https://huntr.com/bounties/db57c343-9b80-4c1c-9ab0-9eef92c9b27b)