PT-2023-7673 · Web2Py · Web2Py

Masashi Yamane · Published 2023-10-16 · Updated 2023-11-05 · CVE-2023-45158

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: web2py versions 2.24.1 and earlier

Description: A command injection vulnerability exists in the product. When web2py is configured to use notifySendHandler for logging, a crafted web request may execute an arbitrary OS command on the web server. The issue arises because special elements in the logged input are not neutralized.

Recommendations: For versions 2.24.1 and earlier, consider disabling the notifySendHandler for logging until a patch is available, to prevent potential exploitation. Restrict access to the web server to minimize the risk of arbitrary OS command execution. Avoid running the product in the vulnerable configuration to reduce the risk of command injection attacks.
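To make the weakness class concrete for defenders reviewing their own logging configuration, here is an added Python example. It is not web2py's code and does not reproduce its notifySendHandler; the handler class, the argv, and the crafted log message are assumptions constructed for illustration. It places the shell-string pattern that lets special elements in a log message become shell syntax beside the argv-list pattern that keeps the message as a single argument, and tokenises each the way a POSIX shell would so the difference is measurable rather than asserted.

```python
import logging
import shlex
import subprocess


class NotifySendHandler(logging.Handler):
    """Hypothetical handler that forwards log records to notify-send.

    Not web2py's code: it only models the two ways such a handler can
    spawn the process. safe=False builds one shell string and runs it
    with shell=True, which is the pattern behind OS command injection;
    safe=True hands an argv list to the kernel, so the log message is
    always exactly one argument of notify-send however it is crafted.
    dry_run=True records the command instead of executing it, so the
    example runs offline without a desktop session.
    """

    def __init__(self, safe=True, dry_run=True):
        super().__init__()
        self.safe = safe
        self.dry_run = dry_run
        self.sent = []  # commands that emit() produced

    def build_command(self, message):
        if self.safe:
            # argv list: no shell ever parses the message
            return ["notify-send", "web2py", message]
        # unsafe: request-influenced text is spliced into shell syntax
        return f'notify-send "web2py" "{message}"'

    def emit(self, record):
        command = self.build_command(self.format(record))
        self.sent.append(command)
        if self.dry_run:
            return
        # shell=True only in the unsafe variant, to mirror the two patterns
        subprocess.run(command, shell=not self.safe, check=False)


def shell_commands(command):
    """Show what would actually be executed.

    For a string, tokenise it as a POSIX shell would and split on ';'
    into the simple commands the shell would run in sequence. For an
    argv list the answer is trivially that one command: no shell is
    involved, so there is nothing to split.
    """
    if isinstance(command, list):
        return [command]
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands, current = [], []
    for token in lexer:
        if token == ";":
            if current:
                commands.append(current)
                current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands


# Constructed sample: request-controlled text (a path, a header value)
# that lands in a log message and carries shell metacharacters.
CRAFTED_MESSAGE = 'not found: x" ; echo injected ; echo "y'


def compare(message=CRAFTED_MESSAGE):
    """Return the commands a shell would run for each handler variant."""
    unsafe = NotifySendHandler(safe=False).build_command(message)
    safe = NotifySendHandler(safe=True).build_command(message)
    return shell_commands(unsafe), shell_commands(safe)


def log_through_handler(message=CRAFTED_MESSAGE):
    """Drive the safe handler through the logging API in dry-run mode
    and return the argv it would have executed."""
    handler = NotifySendHandler(safe=True, dry_run=True)
    logger = logging.getLogger("notify-send-demo")
    logger.addHandler(handler)
    try:
        logger.error(message)
    finally:
        logger.removeHandler(handler)
    return handler.sent[-1]


if __name__ == "__main__":
    unsafe_cmds, safe_cmds = compare()
    print("unsafe: %d command(s): %r" % (len(unsafe_cmds), unsafe_cmds))
    print("safe:   %d command(s): %r" % (len(safe_cmds), safe_cmds))
```

The same log message yields three shell commands from the string-building variant and exactly one process from the argv variant, with the message intact as its third argument. When auditing a logging handler or any other subprocess wrapper, the check to make is therefore whether untrusted text can reach a shell at all, not whether some characters are filtered; the argv form removes the shell from the path entirely.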

Exploit

Fix

Weakness Enumeration

OS Command Injection

Related Identifiers

BDU:2023-08740
CVE-2023-45158

Affected Products

Web2Py