PT-2017-8532 · Web2Py · Web2Py

Narendra Bhati

Published

2017-01-11

Updated

2017-01-19

CVE-2016-4806

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Web2py versions 2.14.5 and below

Description The issue allows a malicious user to read or access sensitive files on the web server through a Local File Inclusion vulnerability.

Recommendations For Web2py versions 2.14.5 and below, update to a version above 2.14.5 to resolve the issue.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

CVE-2016-4806

Web2Py