2 matches found
CVE-2023-45158
An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging not the default configuration, a crafted web request may execute an arbitrary OS command on the web server using the product...
CVE-2023-45158
Affected software: web2py 2.24.1 and earlier. Issue: OS command injection when logging is configured to use notifySendHandler (not the default). A crafted request may execute arbitrary commands on the web server due to insufficient input handling. Practical impact: potential full compromise of th...