CVE-2024-54306

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Dec 13, 2024
CWE ID 352

Summary

CVE-2024-54306 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the KCT AIKCT Engine Chatbot, ChatGPT, Gemini, and GPT-4o Best AI Chatbot. The issue allows malicious actors to trick a user who is logged in to a site they trust into performing unwanted actions on that site. It impacts all versions of the aforementioned chatbots from n/a through 1.6.2. Successful exploitation could lead to unauthorized modifications, unintended data deletion, or account takeover. Affected organizations are advised to apply the necessary patches or updates as soon as possible to mitigate the risk.
