{"id":"CVE-2016-4808","details":"Web2py versions 2.14.5 and below were affected by a CSRF (Cross-Site Request Forgery) vulnerability, which allows an attacker to trick a logged-in user into performing unwanted actions; for example, an attacker can trick a victim into disabling the installed application just by sending a URL to the victim.","aliases":["GHSA-gp69-xcm6-ffqj"],"modified":"2026-05-18T13:47:10.668103Z","published":"2017-01-11T16:59:00.267Z","references":[{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/137070/Web2py-2.14.5-CSRF-XSS-Local-File-Inclusion.html"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/39821/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/web2py/web2py","events":[{"introduced":"0"},{"last_affected":"81d0291ce2aa9d49c7dc23014d58597bbff6c10a"}],"database_specific":{"source":"CPE_FIELD","cpe":"cpe:2.3:a:web2py:web2py:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"2.14.5"}]}}],"versions":["R-2.14.5","R-2.14.4","R-2.14.3","R-2.14.2","R-2.14.1","R-2.13.4","R-2.13.3","R-2.13.2","R-2.13.1","R-2.12.3","R-2.12.2","R-2.12.1","R-2.11.2","R-2.11.1","R-2.10.4","R-2.10.4.beta","R-2.10.3","R-2.10.2","R-2.10.1","R-2.9.12","R-2.9.11","R-2.9.10","R-2.9.9","R-2.9.8","R-2.9.7","R-2.9.6","R-2.9.5","R-2.9.4","R-2.9.3","R-2.9.2","R-2.8.2","R-2.8.1","R-2.7.4","R-2.7.3","R-2.7.2","R-2.7.1","R-2.6.4","R-2.6.3","R-2.6.2","R-2.6.1","R-2.5.1","R-2.4.7","R-2.4.6","R-2.4.5","R-2.4.4","R-2.4.3","R-2.4.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4808.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}