CNNVD-202602-866 Information
CNNVD ID
CNNVD-202602-866
Related CVE
- CNNVD Published: 2026-02-05
Description (Chinese)
web2py是web2py开源的一个免费和开源的全栈企业框架。用于敏捷开发安全的数据库驱动的基于 Web 的应用程序。 web2py 2.27.1-stable+timestamp.2023.11.16.08.03.57及之前版本存在输入验证错误漏洞,该漏洞源于开放重定向,可能导致用户访问特制URL时被重定向至任意网站,成为钓鱼攻击受害者。
Description (English)
Web2py is a free-of-charge and open-source whole-house business framework for web2py. Web-based applications for agile database-driven development. Web2py 2.27.1-stable+timestam.2023.11.16.08.03.57 and previous versions contain input validation error holes, which stem from open re-direction and may lead to users re-directing their access to specially designed URLs to random websites as victims of fishing attacks.
Hazard Level
High
Vulnerability Type
输入验证错误
Affected Vendor
web2py
Published
2026-02-05
Last Modified
2026-02-24
References
https://github.com/web2py/web2py/commit/b4e1ddbd6d40fb30863f6263a67bcdf411a0c6df https://github.com/web2py/web2py/releases https://jvn.jp/en/jp/JVN46925341/ https://web2py.com/
Patch
https://github.com/web2py/web2py/releases
Share on: