Vulnerabilities > Web2Py > Web2Py > 2.14.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-16 | CVE-2023-45158 | OS Command Injection vulnerability in Web2Py An OS command injection vulnerability exists in web2py 2.24.1 and earlier. | 9.8 |
2023-03-06 | CVE-2023-22432 | Open Redirect vulnerability in Web2Py Open redirect vulnerability exists in web2py versions prior to 2.23.1. | 6.1 |
2022-06-27 | CVE-2022-33146 | Open Redirect vulnerability in Web2Py Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL. | 5.8 |
2017-04-10 | CVE-2016-10321 | 7PK - Security Features vulnerability in Web2Py web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks. | 5.0 |
2017-01-11 | CVE-2016-4808 | Cross-Site Request Forgery (CSRF) vulnerability in Web2Py Web2py versions 2.14.5 and below was affected by CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged in user to perform some unwanted actions i.e An attacker can trick an victim to disable the installed application just by sending a URL to victim. | 6.8 |
2017-01-11 | CVE-2016-4807 | Cross-site Scripting vulnerability in Web2Py Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin). | 3.5 |
2017-01-11 | CVE-2016-4806 | Information Exposure vulnerability in Web2Py Web2py versions 2.14.5 and below was affected by Local File Inclusion vulnerability, which allows a malicious intended user to read/access web server sensitive files. | 5.0 |