EUVD-2016-5789

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Web2py versions 2.14.5 and below have Local File Inclusion vulnerability exposing sensitive files

Reporter	Title	Published	Views	Family All 13
0day.today	Web2py 2.14.5 - Multiple Vulnerabilities	16 May 201600:00	–	zdt
Circl	CVE-2016-4806	16 May 201600:00	–	circl
CNVD	web2py local file inclusion vulnerability	17 May 201600:00	–	cnvd
CVE	CVE-2016-4806	11 Jan 201716:00	–	cve
Cvelist	CVE-2016-4806	11 Jan 201716:00	–	cvelist
Exploit DB	Web2py 2.14.5 - Multiple Vulnerabilities	16 May 201600:00	–	exploitdb
exploitpack	Web2py 2.14.5 - Multiple Vulnerabilities	16 May 201600:00	–	exploitpack
NVD	CVE-2016-4806	11 Jan 201716:59	–	nvd
OSV	UBUNTU-CVE-2016-4806	11 Jan 201716:59	–	osv
Packet Storm	Web2py 2.14.5 CSRF / XSS / Local File Inclusion	16 May 201600:00	–	packetstorm

[
  {
    "enisaIdVendor": [
      {
        "id": "62c26362-ff75-3a41-808c-40f00f72382c",
        "vendor": {
          "name": "n/a"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "b0189933-8877-353f-8fd5-cf707ed0b011",
        "product": {
          "name": "n/a"
        },
        "product_version": "n/a"
      }
    ]
  }
]

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/cve/CVE-2016-4806
exploit-db	www.exploit-db.com/exploits/39821/
packetstormsecurity	www.packetstormsecurity.com/files/137070/Web2py-2.14.5-CSRF-XSS-Local-File-Inclusion.html
nvd	www.nvd.nist.gov/vuln/detail/CVE-2016-4806
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

7.6High risk

Vulners AI Score7.6

CVSS 37.5

CVSS 25

EPSS0.10077

web2py local file inclusion vulnerability sensitive files access