CVE-2024-6040 - Parisneo Lollms-Webui Missing Parameter CSRF and Local Attack Vulnerability
CVE ID : CVE-2024-6040 Published : Aug. 1, 2024, 4:15 p.m. | 2 hours, 44 minutes ago Description : In parisneo/lollms-webui version v9.8, the lollms_binding_infos is missing the client_id parameter, which leads to multiple security vulnerabilities. Specifically, the endpoints /reload_binding, /install_binding, /reinstall_binding, /unInstall_binding, /set_active_binding_settings, and /update_binding_settings are susceptible to CSRF attacks and local attacks. An attacker can exploit this vulnerability to perform unauthorized actions on the victim's machine. Severity: 4.4 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-6040
Published : Aug. 1, 2024, 4:15 p.m. | 2 hours, 44 minutes ago
Description : In parisneo/lollms-webui version v9.8, the lollms_binding_infos is missing the client_id parameter, which leads to multiple security vulnerabilities. Specifically, the endpoints /reload_binding, /install_binding, /reinstall_binding, /unInstall_binding, /set_active_binding_settings, and /update_binding_settings are susceptible to CSRF attacks and local attacks. An attacker can exploit this vulnerability to perform unauthorized actions on the victim's machine.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : Aug. 1, 2024, 4:15 p.m. | 2 hours, 44 minutes ago
Description : In parisneo/lollms-webui version v9.8, the lollms_binding_infos is missing the client_id parameter, which leads to multiple security vulnerabilities. Specifically, the endpoints /reload_binding, /install_binding, /reinstall_binding, /unInstall_binding, /set_active_binding_settings, and /update_binding_settings are susceptible to CSRF attacks and local attacks. An attacker can exploit this vulnerability to perform unauthorized actions on the victim's machine.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
