CVE-2016-4808

HIGH

Web2py < 2.14.5 - CSRF

Title source: rule

Description

Web2py versions 2.14.5 and below was affected by CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged in user to perform some unwanted actions i.e An attacker can trick an victim to disable the installed application just by sending a URL to victim.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Narendra Bhati · textwebappspython

https://www.exploit-db.com/exploits/39821

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/137070/Web2py-2.14.5-CSRF-XSS-Local-File-Inclusion.html

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/39821/

Scores

CVSS v3 8.8

EPSS 0.0023

EPSS Percentile 45.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-352

Status published

Products (2)

pypi/web2py 0 - 2.14.6PyPI

web2py/web2py < 2.14.5

Published Jan 11, 2017

Tracked Since Feb 18, 2026