CVE-2024-4403
Last modified
CVE-2024-4403 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted CSRF forms. EPSS estimates a 0.17% chance of exploitation in the next 30 days.
Description
A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted CSRF forms. This issue affects the installation process, including the installation of Binding zoo and Models zoo, by unexpectedly resetting programs. The vulnerability is due to the lack of CSRF protection in the affected function.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Lollms | Lollms-Webui | 9.6 |
References
- https://huntr.com/bounties/c9dd6d2f-d83a-488b-9443-d4200c010851Exploit, Third Party Advisory
- https://huntr.com/bounties/c9dd6d2f-d83a-488b-9443-d4200c010851Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-4403?
How severe is CVE-2024-4403?
How do I fix CVE-2024-4403?
Are you affected by CVE-2024-4403?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST