VYPR
High severity7.8OSV Advisory· Published Feb 6, 2018· Updated Jun 17, 2026

CVE-2016-3952

CVE-2016-3952

Description

web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/template_examples/beautify. NOTE: this issue can be leveraged by remote attackers to gain administrative access.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Web2py/Web2pyOSV2 versions
    R-2.10.1, R-2.10.2, R-2.10.3, …+ 1 more
    • (no CPE)range: R-2.10.1, R-2.10.2, R-2.10.3, …
    • (no CPE)range: <2.14.1

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.