CVE-2016-4808
Web2py versions 2.14.5 and below were affected by a CSRF (Cross-Site Request Forgery) vulnerability, which allows an attacker to trick a logged-in user into performing unwanted actions. For example, an attacker can trick a victim into disabling an installed application just by sending the victim a URL.
Affected products
n/a · n/a
Public PoCs found — 3
cve_reference · packetstormsecurity.com/files/137070/Web2py-2.14.5-CSRF-XSS-Local-File-Inclusion.html · unverified
cve_reference · www.exploit-db.com/exploits/39821/ · unverified
exploitdb · www.exploit-db.com/exploits/39821 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.