High severity 8.8 · NVD Advisory · Published Jan 11, 2017 · Updated May 6, 2026
CVE-2016-4808
Description
Web2py versions 2.14.5 and below were affected by a CSRF (Cross-Site Request Forgery) vulnerability, which allows an attacker to trick a logged-in user into performing unwanted actions. For example, an attacker can trick a victim into disabling the installed application just by sending the victim a URL.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| web2py (PyPI) | < 2.14.6 | 2.14.6 |
Patches
No patches discovered yet.
References
- packetstormsecurity.com/files/137070/Web2py-2.14.5-CSRF-XSS-Local-File-Inclusion.html (nvd: Exploit, Third Party Advisory, VDB Entry; WEB)
- www.exploit-db.com/exploits/39821/ (nvd: Exploit, Third Party Advisory, VDB Entry)
- github.com/advisories/GHSA-gp69-xcm6-ffqj (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2016-4808 (ghsa: ADVISORY)
- www.exploit-db.com/exploits/39821 (ghsa: WEB)