Toui · Toui · CVE-2023-33175
**Name of the Vulnerable Software and Affected Versions**
ToUI versions 2.0.1 through 2.4.0
**Description**
The issue affects websites that use the `Website.user vars` property. ToUI utilizes Flask-Caching (SimpleCache) to store user variables, which are stored on the server side.
**Recommendations**
For versions 2.0.1 through 2.4.0, upgrade to version 2.4.1.
As a temporary workaround for versions 2.0.1 through 2.4.0, consider not using the `Website.user vars` property in websites.
For version 2.4.0, also avoid using the `Website.signin user()` function until the issue is resolved.