Cross-Site Request Forgery Vulnerability in parisneo/lollms-webui by parisneo
CVE-2024-4403
8.8 HIGH
What is CVE-2024-4403?
A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of parisneo/lollms-webui v9.6, allowing attackers to trigger actions on a user's behalf without the user's knowledge. By exploiting this flaw, malicious actors can send crafted CSRF forms that trigger unintended operations, including the resetting of programs. Because the affected function lacks adequate CSRF protection, these unexpected resets compromise installation processes such as those of the Binding zoo and Models zoo.
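The kind of check whose absence the description refers to can be sketched as follows. This is an added example, not code from lollms-webui: the function names, the `x-csrf-token` header and the trusted origin value are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumption: the origin the web UI is served from (constructed value).
TRUSTED_ORIGINS = {"http://localhost:9600"}
# State-changing actions such as a restart must never be reachable via these.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_csrf_token() -> str:
    """Random per-session token, embedded in the page and echoed in a header."""
    return secrets.token_urlsafe(32)


def origin_of(url: str) -> str:
    """Reduce an Origin or Referer value to scheme://host[:port]."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return ""  # covers empty values and the opaque origin "null"
    return f"{parts.scheme}://{parts.netloc}"


def csrf_check(method: str, headers: dict, session_token: str):
    """Return (allowed, reason) for one request; header keys are lowercase."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    # 1. A cross-site form post carries the submitting site's Origin.
    source = headers.get("origin") or headers.get("referer") or ""
    if origin_of(source) not in TRUSTED_ORIGINS:
        return False, "untrusted or missing origin"
    # 2. A plain HTML form cannot set a custom header or read the token.
    sent = headers.get("x-csrf-token", "")
    if not session_token or not hmac.compare_digest(
        sent.encode(), session_token.encode()
    ):
        return False, "missing or wrong CSRF token"
    return True, "ok"


if __name__ == "__main__":
    token = issue_csrf_token()
    # Constructed requests: a cross-site form post, then the UI's own call.
    forged = {"origin": "https://attacker.example",
              "content-type": "application/x-www-form-urlencoded"}
    genuine = {"origin": "http://localhost:9600", "x-csrf-token": token}
    print("forged :", csrf_check("POST", forged, token))
    print("genuine:", csrf_check("POST", genuine, token))
```
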