CVE-2016-4808

Name of the Vulnerable Software and Affected Versions Web2py versions 2.14.5 and below

Description The issue allows an attacker to trick a logged-in user, potentially an administrator, into performing unwanted actions. This can be achieved by sending a URL to the victim or by having them visit a specific URL, which can lead to actions such as disabling an installed application.

Recommendations For Web2py versions 2.14.5 and below, consider implementing CSRF protection mechanisms to prevent attackers from tricking users into performing unwanted actions. As a temporary workaround, restrict access to sensitive application functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.