U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:web2py:web2py:2.15.4:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 3 matching records.
Displaying matches 1 through 3.
Vuln ID Summary CVSS Severity
CVE-2023-45158

An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging (not the default configuration), a crafted web request may execute an arbitrary OS command on the web server using the product.

Published: October 16, 2023; 4:15:09 AM -0400 		V4.0:(not available)
 V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-22432

Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack.

Published: March 05, 2023; 7:15:10 PM -0500 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2022-33146

Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL.

Published: June 26, 2022; 9:15:07 PM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 5.8 MEDIUM