Web2py Cross-Site Request Forgery vulnerability
Moderate severity
GitHub Reviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Aug 4, 2023
Description
Published by the National Vulnerability Database
Jan 11, 2017
Published to the GitHub Advisory Database
May 17, 2022
Reviewed
Aug 4, 2023
Last updated
Aug 4, 2023
Web2py versions 2.14.5 and below was affected by CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged-in administrator into performing unwanted actions i.e An attacker can trick a victim into disable the installed application just by visiting a URL.
References