CVE-2016-4806

Published: 11/01/2017 Updated: 19/01/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Web2py versions 2.14.5 and below were affected by a Local File Inclusion vulnerability, which allows a malicious user to read sensitive files on the web server.

Vulnerable Product

web2py web2py

Vendor Advisories

Debian Bug report logs - #856127 web2py: CVE-2016-4806 CVE-2016-4807 CVE-2016-4808. Package: web2py; Maintainer for web2py is José L Redrejo Rodríguez <jredrejo@debian.org>; Reported by: Thorsten Alteholz <debian@alteholz.de>; Date: Sat, 25 Feb 2017 12:57:02 UTC; Severity: important; Tags: security, upstream; Fixed in ...

Exploits

Title - Web2py 2.14.5 Multiple Vulnerabilities LFI, XSS, CSRF # Exploit Title : Web2py 2.14.5 Multiple Vulnerabilities LFI, XSS, CSRF # Reported Date : 2-April-2016 # Fixed Date : 4-April-2016 # Exploit Author : Narendra Bhati - www.exploit-db.com/author/?a=7638 # CVE ID : LFI - CVE-2016-4806 , Reflected XSS - CVE-2016-4807 , CSRF - CVE-2016- ...
Web2py version 2.14.5 suffers from cross site request forgery, cross site scripting, and local file inclusion vulnerabilities ...