cbcvebase.
CVE-2024-4403
published 2024-06-10

CVE-2024-4403: A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers…

PriorityP340high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EPSS
0.17%
6.2th percentile
A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted CSRF forms. This issue affects the installation process, including the installation of Binding zoo and Models zoo, by unexpectedly resetting programs. The vulnerability is due to the lack of CSRF protection in the affected function.

Affected

2 ranges
VendorProductVersion rangeFixed in
lollmslollms-webui
parisneoparisneo_lollms-webuiunspecified – latest

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv3.04.4MEDIUMCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.