VYPR
Unrated severityNVD Advisory· Published Jun 10, 2024· Updated Aug 1, 2024

CSRF in clear_personality_files_list in parisneo/lollms-webui

CVE-2024-4328

Description

A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear personality files list, which lacks proper CSRF protection. This flaw allows attackers to trick users into performing actions without their consent, such as deleting important files on the system. The issue is present in the application's handling of requests, making it susceptible to CSRF attacks that could lead to unauthorized actions being performed on behalf of the user.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Lollms/Lollmsllm-fuzzy2 versions
    = 9.6+ 1 more
    • (no CPE)range: = 9.6
    • (no CPE)range: unspecified

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.