Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CSRF in clear_personality_files_list in parisneo/lollms-webui
Vulnerability Description
A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear personality files list, which lacks proper CSRF protection. This flaw allows attackers to trick users into performing actions without their consent, such as deleting important files on the system. The issue is present in the application's handling of requests, making it susceptible to CSRF attacks that could lead to unauthorized actions being performed on behalf of the user.
CVSS Information
N/A
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
LoLLMs 跨站请求伪造漏洞
Vulnerability Description
LoLLMs是Saifeddine ALOUI个人开发者的一个大型语言多模式系统的 Web UI。 LoLLMs v9.6版本存在跨站请求伪造漏洞,该漏洞源于使用 GET 请求清除个性文件列表,该请求缺乏适当的跨站点请求伪造保护。
CVSS Information
N/A
Vulnerability Type
N/A