CVE-2024-6040 | parisneo lollms-webui up to 9.8 lollms_binding_infos client_id cross-site request forgery

Inserito da Angelo Barbosa | Ago 1, 2024 | CVE

A vulnerability has been found in parisneo lollms-webui up to 9.8 and classified as problematic. This vulnerability affects the function lollms_binding_infos. The manipulation of the argument client_id leads to cross-site request forgery.

This vulnerability was named CVE-2024-6040. The attack can be initiated remotely. There is no exploit available.

CVE-2024-6040 | parisneo lollms-webui up to 9.8 lollms_binding_infos client_id cross-site request forgery

Post correlati

CVE-2024-52025 | Netgear XR300/R6400/R7000P HTTP POST Request geniepppoe.cgi pppoe_localip stack-based overflow

CVE-2023-3043 | AMI MegaRAC_SPx prior 12.7/13.6 BMC stack-based overflow

CVE-2024-10456 | Delta Electronics InfraSuite Device Master up to 1.0.12 deserialization (icsa-24-303-03)

CVE-2024-26940 | Linux Kernel up to 6.1.83/6.6.23/6.7.11/6.8.2/6.9-rc1 vmwgfx ttm_resource_manager allocation of resources