CVE-2024-54306
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-54306 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the KCT AIKCT Engine Chatbot, ChatGPT, Gemini, and GPT-4o Best AI Chatbot. It allows an attacker to trick a user into performing unwanted actions on a website where the user is currently logged in and which the user trusts. The vulnerability affects all versions of the aforementioned chatbots through 1.6.2 (no lower bound is given). Successful exploitation could potentially lead to unauthorized modifications, unintended data deletion, or account takeover. Affected organizations are advised to apply the necessary patches or updates as soon as possible to mitigate the risk.