A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted CSRF forms. This issue affects the installation process, including the installation of Binding zoo and Models zoo, by unexpectedly resetting programs. The vulnerability is due to the lack of CSRF protection in the affected function.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: @huntr_ai
Published: 2024-06-10T14:43:21.623Z
Updated: 2024-08-01T20:40:47.179Z
Reserved: 2024-05-01T21:34:39.918Z
Link: CVE-2024-4403
Vulnrichment
Updated: 2024-06-12T14:19:07.926Z
NVD
Status : Awaiting Analysis
Published: 2024-06-10T15:15:52.703
Modified: 2024-11-21T09:42:46.433
Link: CVE-2024-4403
Redhat
No data.