Description

A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear personality files list, which lacks proper CSRF protection. This flaw allows attackers to trick users into performing actions without their consent, such as deleting important files on the system. The issue is present in the application's handling of requests, making it susceptible to CSRF attacks that could lead to unauthorized actions being performed on behalf of the user.

INFO

Published Date :

2024-06-10T07:27:09.072Z

Last Modified :

2024-08-01T20:40:47.115Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-4328 vulnerability.

Vendors Products
Parisneo
  • Lollms Web Ui
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-4328.

URL Resource
https://huntr.com/bounties/0f4faadf-ebca-4ef8-9d8a-66dbd849c0f8 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact