Home > Vulnerability Database > CVE-2024-4403

Mend.io Vulnerability Database

CVE-2024-4403

Date: June 10, 2024

A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted CSRF forms. This issue affects the installation process, including the installation of Binding zoo and Models zoo, by unexpectedly resetting programs. The vulnerability is due to the lack of CSRF protection in the affected function.

Language: Python

Severity Score

8.8

Related Resources (3)

Url: https://huntr.com/bounties/c9dd6d2f-d83a-488b-9443-d4200c010851

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-4403

Url: https://www.mend.io/vulnerability-database/CVE-2024-4403

Severity Score

8.8

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-4403

Date: June 10, 2024

Language: Python

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?