Web2py : Security Vulnerabilities, CVEs, Published In 2017
web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks.
Max CVSS
9.8
EPSS Score
0.83%
Published
2017-04-10
Updated
2019-06-21
CVE-2016-4808
Public exploit
Web2py versions 2.14.5 and below was affected by CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged in user to perform some unwanted actions i.e An attacker can trick an victim to disable the installed application just by sending a URL to victim.
Max CVSS
8.8
EPSS Score
0.44%
Published
2017-01-11
Updated
2017-01-19
CVE-2016-4807
Public exploit
Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin).
Max CVSS
4.8
EPSS Score
0.08%
Published
2017-01-11
Updated
2017-01-11
CVE-2016-4806
Public exploit
Web2py versions 2.14.5 and below was affected by Local File Inclusion vulnerability, which allows a malicious intended user to read/access web server sensitive files.
Max CVSS
7.5
EPSS Score
0.63%
Published
2017-01-11
Updated
2017-01-19
Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the _next parameter to user/logout.
Max CVSS
6.1
EPSS Score
0.11%
Published
2017-10-18
Updated
2017-10-31
5 vulnerabilities found