web2py vulnerabilities and exploits
CVE-2023-45158 (CVSSv3 9.8)
An OS command injection vulnerability exists in web2py 2.24.1 and previous versions. When the product is configured to use notifySendHandler for logging (not the default configuration), a crafted web request may execute an arbitrary OS command on the web server using the product.
Affected: web2py
References: 1 GitHub repository

CVE-2016-3957 (CVSSv3 9.8)
The secure_load function in gluon/utils.py in web2py prior to 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which might allow remote malicious users to execute arbitrary code by leveraging knowledge of encryption_key.
Affected: web2py

CVE-2016-3953 (CVSSv3 9.8)
The sample web application in web2py prior to 2.14.2 might allow remote malicious users to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function.
Affected: web2py

CVE-2016-10321 (CVSSv3 9.8)
web2py prior to 2.14.6 does not properly check whether a host is denied before verifying passwords, allowing a remote malicious user to perform brute-force attacks.
Affected: web2py

CVE-2016-4808 (CVSSv3 8.8)
web2py versions 2.14.5 and below were affected by a CSRF (Cross-Site Request Forgery) vulnerability, which allows a malicious user to trick a logged-in user into performing unwanted actions, i.e. an attacker can trick a victim into disabling the installed application just by sending a U...
Affected: web2py
References: 1 EDB exploit

CVE-2016-3952 (CVSSv3 7.8)
web2py prior to 2.14.1, when using the standalone version, allows remote malicious users to obtain environment variable values via a direct request to examples/template_examples/beautify. NOTE: this issue can be leveraged by remote malicious users to gain administrative access.
Affected: web2py

CVE-2016-4806 (CVSSv3 7.5)
web2py versions 2.14.5 and below were affected by a Local File Inclusion vulnerability, which allows a malicious user to read sensitive files on the web server.
Affected: web2py
References: 1 EDB exploit

CVE-2023-22432 (CVSSv3 6.1)
An open redirect vulnerability exists in web2py versions before 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack.
Affected: web2py
References: 2 GitHub repositories

CVE-2022-33146 (CVSSv3 6.1)
An open redirect vulnerability in web2py versions before 2.22.5 allows a remote malicious user to redirect a user to an arbitrary web site and conduct a phishing attack by having the user access a specially crafted URL.
Affected: web2py
References: 1 GitHub repository

CVE-2015-6961 (CVSSv3 6.1)
An open redirect vulnerability in gluon/tools.py in web2py 2.9.11 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the _next parameter to user/logout.
Affected: web2py 2.9.11