CVE-2021-23404

HIGH

sqlite-web - Cross-Site Request Forgery in SQL Dashboard

Title source: llm
STIX 2.1

Description

This affects all versions of package sqlite-web. The SQL dashboard area allows sensitive actions to be performed without validating that the request originated from the application. This could enable an attacker to trick a user into performing these actions unknowingly through a Cross Site Request Forgery (CSRF) attack.

References (2)

Core 2

Scores

CVSS v3 7.6
EPSS 0.0048
EPSS Percentile 37.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

Details

CWE
CWE-352
Status published
Products (2)
pypi/sqlite-web 0PyPI
sqlite-web_project/sqlite-web
Published Sep 08, 2021
Tracked Since Feb 18, 2026