175 matches found
CVE-2023-45158
An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging not the default configuration, a crafted web request may execute an arbitrary OS command on the web server using the product...
Command injection
An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging not the default configuration, a crafted web request may execute an arbitrary OS command on the web server using the product...
CVE-2023-45158
An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging not the default configuration, a crafted web request may execute an arbitrary OS command on the web server using the product...
CVE-2023-45158
An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging not the default configuration, a crafted web request may execute an arbitrary OS command on the web server using the product...
CVE-2023-45158
Affected software: web2py 2.24.1 and earlier. Issue: OS command injection when logging is configured to use notifySendHandler (not the default). A crafted request may execute arbitrary commands on the web server due to insufficient input handling. Practical impact: potential full compromise of th...
web2py vulnerable to OS command injection
Overview web2py web application framework contains an OS command injection vulnerability CWE-78. Masashi Yamane of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When web2py is configured to u...
JVN#80476432: web2py vulnerable to OS command injection
web2py web application framework contains an OS command injection vulnerability CWE-78. Impact When web2py is configured to use notifySendHandler for logging not the default configuration, a crafted web request may execute an arbitrary OS command on the web server using the product. Solution Upda...
web2py OS Command Injection Vulnerability
web2py is web2py open source a free and open source full stack enterprise framework. Used for agile development of secure database-driven Web-based applications. A security vulnerability exists in web2py 2.24.1 and earlier versions, which stems from the presence of an operating system command...
PT-2023-7673 · Web2Py · Web2Py
Name of the Vulnerable Software and Affected Versions: web2py versions 2.24.1 and earlier Description: A command injection vulnerability exists in the product. When configured to use notifySendHandler for logging, a crafted web request may execute an arbitrary OS command on the web server. This...
Exploit for Open Redirect in Web2Py
CVE-2023-22432 PoC verification of web2py vulnerability C...
Open redirect in web2py
Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack...
GHSA-W4R7-VM83-Q2C7 Open redirect in web2py
Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack...
CVE-2023-22432
Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack...
CVE-2023-22432
Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack...
Open redirect
Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack...
CVE-2023-22432
Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack...
UBUNTU-CVE-2023-22432
Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack...
CVE-2023-22432
Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack...
CVE-2023-22432
Web2py contains an open redirect vulnerability in versions prior to 2.23.1. The flaw allows an attacker to redirect users to an arbitrary site via a crafted URL (e.g., manipulating a send parameter in the admin page), enabling phishing. Affected product: web2py (prior to 2.23.1). Root cause: open...
CVE-2023-22432
Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack...