4 matches found
CVE-2024-6673
A Cross-Site Request Forgery CSRF vulnerability exists in the installcomfyui endpoint of the lollmscomfyui.py file in the parisneo/lollms-webui repository, versions v9.9 to the latest. The endpoint uses the GET method without requiring a client ID, allowing an attacker to trick a victim into...
CVE-2024-6673
A Cross-Site Request Forgery CSRF vulnerability exists in the installcomfyui endpoint of the lollmscomfyui.py file in the parisneo/lollms-webui repository, versions v9.9 to the latest. The endpoint uses the GET method without requiring a client ID, allowing an attacker to trick a victim into...
CVE-2024-6673 CSRF Vulnerability in parisneo/lollms-webui
A Cross-Site Request Forgery CSRF vulnerability exists in the installcomfyui endpoint of the lollmscomfyui.py file in the parisneo/lollms-webui repository, versions v9.9 to the latest. The endpoint uses the GET method without requiring a client ID, allowing an attacker to trick a victim into...
CVE-2024-6673
CVE-2024-6673 describes a CSRF vulnerability in the Parisneo LoLLMS WebUI. The issue exists in the install_comfyui endpoint of the lollms_comfyui.py file and is triggered via a GET request without client authentication, allowing an attacker to coerce a user into installing ComfyUI. Affected versi...