CVE-2021-23404
HIGH
sqlite-web - Cross-Site Request Forgery in SQL Dashboard
Title source: llm
Description
This affects all versions of package sqlite-web. The SQL dashboard area allows sensitive actions to be performed without validating that the request originated from the application. This could enable an attacker to trick a user into performing these actions unknowingly through a Cross Site Request Forgery (CSRF) attack.
References (2)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-PYTHON-SQLITEWEB-1316324
Broken Link x_refsource_misc
https://github.com/coleifer/sqlite-web/blob/2e7c85da3d37f80074ed3ae39b5851069b4f301c/sqlite_web/__main__.py%23L1
Scores
CVSS v3
7.6
EPSS
0.0048
EPSS Percentile
37.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
Details
CWE
CWE-352
Status
published
Products (2)
pypi/sqlite-web
0PyPI
sqlite-web_project/sqlite-web
Published
Sep 08, 2021
Tracked Since
Feb 18, 2026