1. Home
  2. CVE Database
  3. CVE-2024-4328
HIGH · 8.1

CVE-2024-4328

A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear...

Vulnerability Description

A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear personality files list, which lacks proper CSRF protection. This flaw allows attackers to trick users into performing actions without their consent, such as deleting important files on the system. The issue is present in the application's handling of requests, making it susceptible to CSRF attacks that could lead to unauthorized actions being performed on behalf of the user.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
ParisneoLollms Web Ui9.6

Related Weaknesses (CWE)

CWE-352

References

FAQ

What is CVE-2024-4328?

CVE-2024-4328 is a vulnerability with a CVSS score of 8.1 (HIGH). A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear...

How severe is CVE-2024-4328?

CVE-2024-4328 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-4328?

Check the references section above for vendor advisories and patch information. Affected products include: Parisneo Lollms Web Ui.