web2py prior to 2.14.1, when using the standalone version, allows remote malicious users to obtain environment variable values via a direct request to examples/template_examples/beautify. NOTE: this issue can be leveraged by remote malicious users to gain administrative access.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
web2py web2py |