Critical Severity

lollms

Path Traversal Leading to Remote Code Execution in Extension Mounting Function

A vulnerability in the parisneo/lollms software, specifically within the `ExtensionBuilder().build_extension()` function, allows for remote code execution through a path traversal bypass. This issue, identified as CVE-2024-4320, affects versions up to 5.9.0 and was patched in version 9.8.

Available publicly on Jun 22 2024

CVSS score: 9.8

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Credit: nhienit2010

Threat Overview

The vulnerability arises from improper sanitization of the `data.category` and `data.folder` parameters in the `/mount_extension` endpoint. By submitting empty values for these parameters, an attacker can manipulate the `package_path` so that it points to an arbitrary location on the server. If a `config.yaml` file exists in the attacker-controlled directory, that directory is added to the extensions list and the `__init__.py` file alongside it is executed. That file can contain malicious code, resulting in remote code execution without any user interaction.
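To make the flaw concrete from the defender's side, the following is an added example and not lollms's own code. It contrasts a simplified path-joining pattern that silently accepts empty and absolute components, as the advisory describes, with a hardened resolver that rejects empty names, dot entries and separators, and then checks that the resolved path sits exactly one folder below one category inside the extensions root. The root directory `/srv/lollms/extensions`, the function names and the sample requests are assumptions made for this example.

```python
from pathlib import Path

# Hypothetical extensions root; the advisory does not name lollms's real directory.
EXTENSIONS_ROOT = Path("/srv/lollms/extensions").resolve()


def naive_package_path(root: Path, category: str, folder: str) -> Path:
    """Simplified illustration of the flawed pattern the advisory describes.

    Empty components are joined silently, and an absolute or dot-dot
    `folder` is accepted as-is, so the result can leave `root` entirely.
    This illustrates the bug class; it is not lollms's actual code.
    """
    return root / category / folder


class InvalidExtensionPath(ValueError):
    """Raised when a mount request does not name a single subfolder of root."""


def safe_package_path(root: Path, category: str, folder: str) -> Path:
    """Resolve root/<category>/<folder> and refuse anything that escapes it."""
    for name, value in (("category", category), ("folder", folder)):
        # Each component must be one plain directory name: non-empty, not a
        # dot entry, and free of path separators and NUL bytes.
        if (not value or value in (".", "..") or "/" in value
                or "\\" in value or "\0" in value):
            raise InvalidExtensionPath(f"invalid {name}: {value!r}")
    root = root.resolve()
    candidate = (root / category / folder).resolve()
    # resolve() follows symlinks, so additionally require the result to sit
    # exactly two levels below root; a folder symlinked elsewhere is rejected.
    if candidate.parent.parent != root:
        raise InvalidExtensionPath(f"{candidate} is outside {root}")
    return candidate


def check_mount_request(root: Path, category: str, folder: str) -> str:
    """Return 'ok' for an acceptable request, otherwise the rejection reason."""
    try:
        safe_package_path(root, category, folder)
    except InvalidExtensionPath as exc:
        return f"rejected: {exc}"
    return "ok"


if __name__ == "__main__":
    # Constructed requests mirroring the advisory (empty category, folder
    # pointing at an attacker-chosen directory) next to a legitimate one.
    requests = [("", "/tmp/evil"), ("", "../../tmp/evil"), ("tools", "my_ext")]
    for category, folder in requests:
        print(f"naive -> {naive_package_path(EXTENSIONS_ROOT, category, folder)}")
        print(f"safe  -> {check_mount_request(EXTENSIONS_ROOT, category, folder)}")
```

The containment check is deliberately stricter than a plain prefix comparison: after `resolve()` the candidate must be a direct child of a direct child of the root, so both an absolute `folder` and a category that has been replaced by a symlink out of the tree fail the same test.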

Attack Scenario

An attacker first creates a `config.yaml` and a malicious `__init__.py` file containing code to be executed on the server. These files are uploaded to a location on the server that the attacker can predict or brute-force. The attacker then sends a specially crafted request to the `/mount_extension` endpoint with the `category` parameter empty and the `folder` parameter pointing to the directory containing the malicious files. This results in the execution of the code within `__init__.py`, achieving remote code execution.

Who is affected

Any installation of the parisneo/lollms software up to version 5.9.0 is vulnerable to this attack. This includes servers where the software is deployed without the patch provided in version 9.8. Users and administrators of these installations are at risk of unauthorized remote code execution on their systems.
