Lucene search
JpcertCVELIST:CVE-2023-45158HistoryOct 16, 2023 - 7:53 a.m.
CVE-2023-45158
2023-10-1607:53:52
jpcert
www.cve.org
1
vulnerability
web2py
os command injection
notifysendhandler
web server
crafted web request
arbitrary command execution
EPSS
0.001
Percentile
37.2%
An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging (not the default configuration), a crafted web request may execute an arbitrary OS command on the web server using the product.
CNA Affected
[
{
"vendor": "web2py",
"product": "web2py",
"versions": [
{
"version": "2.24.1 and earlier",
"status": "affected"
}
]
}
]Related
vulnrichment
vulnrichment
CVE-2023-45158
2023-10-16 07:53:52
jvn
jvn
JVN#80476432: web2py vulnerable to OS command injection
2023-10-16 00:00:00
cve
cve
CVE-2023-45158
2023-10-16 08:15:09
ubuntucve
ubuntucve
CVE-2023-45158
2023-10-16 00:00:00
prion
prion
Command injection
2023-10-16 08:15:00
nvd
nvd
CVE-2023-45158
2023-10-16 08:15:09
osv
osv
CVE-2023-45158
2023-10-16 08:15:09
githubexploit
githubexploit
Exploit for OS Command Injection in Web2Py
2023-11-04 21:14:09