The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function.
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-02-06T18:00:00

Updated: 2019-06-21T21:06:03

Reserved: 2016-04-05T00:00:00


Link: CVE-2016-3953

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2018-02-06T18:29:00.273

Modified: 2019-06-21T22:15:10.340


Link: CVE-2016-3953

JSON object: View

cve-icon Redhat Information

No data.

CWE