Vulnerabilities > Web2Py > High

DATE CVE VULNERABILITY TITLE RISK
2018-02-06 CVE-2016-3952 Credentials Management vulnerability in Web2Py
web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/template_examples/beautify.
local
low complexity
web2py CWE-255
7.8
2017-01-11 CVE-2016-4808 Cross-Site Request Forgery (CSRF) vulnerability in Web2Py
Web2py versions 2.14.5 and below were affected by a CSRF (Cross-Site Request Forgery) vulnerability, which allows an attacker to trick a logged-in user into performing unwanted actions, i.e., an attacker can trick a victim into disabling the installed application just by sending a URL to the victim.
network
low complexity
web2py CWE-352
8.8
2017-01-11 CVE-2016-4806 Information Exposure vulnerability in Web2Py
Web2py versions 2.14.5 and below were affected by a Local File Inclusion vulnerability, which allows a malicious user to read/access sensitive web server files.
network
low complexity
web2py CWE-200
7.5