A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted CSRF forms. This issue affects the installation process, including the installation of Binding zoo and Models zoo, by unexpectedly resetting programs. The vulnerability is due to the lack of CSRF protection in the affected function.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-06-10T14:43:21.623Z

Updated: 2024-08-01T20:40:47.179Z

Reserved: 2024-05-01T21:34:39.918Z

Link: CVE-2024-4403

cve-icon Vulnrichment

Updated: 2024-06-12T14:19:07.926Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-06-10T15:15:52.703

Modified: 2024-11-21T09:42:46.433

Link: CVE-2024-4403

cve-icon Redhat

No data.