8.8
CVSSv3

CVE-2016-4808

Published: 11/01/2017 Updated: 19/01/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Web2py versions 2.14.5 and below were affected by a CSRF (Cross Site Request Forgery) vulnerability, which allows a malicious user to trick a logged-in user into performing unwanted actions, e.g. an attacker can trick a victim into disabling an installed application just by sending a URL to the victim.

Vulnerable Product

web2py web2py

Vendor Advisories

Debian Bug report logs - #856127 web2py: CVE-2016-4806 CVE-2016-4807 CVE-2016-4808 Package: web2py; Maintainer for web2py is José L. Redrejo Rodríguez <jredrejo@debian.org>; Reported by: Thorsten Alteholz <debian@alteholz.de> Date: Sat, 25 Feb 2017 12:57:02 UTC Severity: important Tags: security, upstream Fixed in ...

Exploits

Title - Web2py 2.14.5 Multiple Vulnerabilities LFI, XSS, CSRF # Exploit Title : Web2py 2.14.5 Multiple Vulnerabilities LFI, XSS, CSRF # Reported Date : 2-April-2016 # Fixed Date : 4-April-2016 # Exploit Author : Narendra Bhati - www.exploit-db.com/author/?a=7638 # CVE ID : LFI - CVE-2016-4806 , Reflected XSS - CVE-2016-4807 , CSRF - CVE-2016- ...
Web2py version 2.14.5 suffers from cross site request forgery, cross site scripting, and local file inclusion vulnerabilities ...