Infinite Image Browsing Vulnerability in Stable Diffusion Web UI

Infinite Image Browsing Vulnerability in Stable Diffusion Web UI

CVE-2023-46315 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

The zanllp sd-webui-infinite-image-browsing (aka Infinite Image Browsing) extension before 977815a for stable-diffusion-webui (aka Stable Diffusion web UI), if Gradio authentication is enabled without secret key configuration, allows remote attackers to read any local file via /file?path= in the URL, as demonstrated by reading /proc/self/environ to discover credentials.

Learn more about our Web App Pen Testing.