CVE-2016-4808

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2016-4808

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4808.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-4808

Aliases

GHSA-gp69-xcm6-ffqj

Published

2017-01-11T16:59:00.267Z

Modified

2026-05-18T13:47:10.668103Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Web2py versions 2.14.5 and below was affected by CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged in user to perform some unwanted actions i.e An attacker can trick an victim to disable the installed application just by sending a URL to victim.

References

Affected packages

Git / github.com/web2py/web2py

Affected ranges

Type

GIT

Repo

https://github.com/web2py/web2py

Events

Introduced

Last affected

81d0291ce2aa9d49c7dc23014d58597bbff6c10a

Database specific

{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.14.5"
        }
    ],
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:web2py:web2py:*:*:*:*:*:*:*:*"
}

Affected versions

R-2.*

R-2.10.1

R-2.10.2

R-2.10.3

R-2.10.4

R-2.10.4.beta

R-2.11.1

R-2.11.2

R-2.12.1

R-2.12.2

R-2.12.3

R-2.13.1

R-2.13.2

R-2.13.3

R-2.13.4

R-2.14.1

R-2.14.2

R-2.14.3

R-2.14.4

R-2.14.5

R-2.4.2

R-2.4.3

R-2.4.4

R-2.4.5

R-2.4.6

R-2.4.7

R-2.5.1

R-2.6.1

R-2.6.2

R-2.6.3

R-2.6.4

R-2.7.1

R-2.7.2

R-2.7.3

R-2.7.4

R-2.8.1

R-2.8.2

R-2.9.10

R-2.9.11

R-2.9.12

R-2.9.2

R-2.9.3

R-2.9.4

R-2.9.5

R-2.9.6

R-2.9.7

R-2.9.8

R-2.9.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4808.json"