CVE-2016-3952

EPSS 0.40% · P61 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2016-3952

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/template_examples/beautify. NOTE: this issue can be leveraged by remote attackers to gain administrative access.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

web2py 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

web2py是一套使用Python编写的开源Web框架，它支持快速开发基于数据库驱动的Web应用程序。 web2py 2.14.1之前版本中存在安全漏洞。当用户使用standalone版本时，攻击者可通过向examples/template_examples/beautify发送直接请求利用该漏洞获取环境变量值。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2016-3952

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2016-3952

Please Login to view more intelligence information

https://devco.re/blog/2017/01/03/web2py-unserialize-code-execution-CVE-2016-3957/x_refsource_MISC
https://github.com/web2py/web2py/commit/9706d125b42481178d2b423de245f5d2faadbf40x_refsource_CONFIRM
https://usn.ubuntu.com/4030-1/vendor-advisoryx_refsource_UBUNTU
https://nvd.nist.gov/vuln/detail/CVE-2016-3952

Same Patch Batch · n/a · 2018-02-06 · 52 CVEs total

CVE-2015-3618		Nagios Business Process Intelligence 跨站脚本漏洞
CVE-2018-6569		West Wind Web Server 安全漏洞
CVE-2018-6654		Grammarly extension for Chrome 安全漏洞
CVE-2018-6466		WordPress flickrRSS插件跨站脚本漏洞
CVE-2018-6469		WordPress flickrRSS插件跨站脚本漏洞
CVE-2018-6468		WordPress flickrRSS插件跨站脚本漏洞
CVE-2018-6467		WordPress flickrRSS插件跨站请求伪造漏洞
CVE-2018-6656		Z-BlogPHP 跨站请求伪造漏洞
CVE-2015-4400		Ring video doorbells 安全漏洞
CVE-2015-3619		Joomla! VirtueMart组件跨站脚本漏洞
CVE-2016-7394		Tiki Wiki CMS Groupware 跨站脚本漏洞
CVE-2014-5282		Docker 安全漏洞
CVE-2014-5280		boot2docker 安全漏洞
CVE-2014-5279		boot2docker 安全漏洞
CVE-2018-6389		WordPress 安全漏洞
CVE-2017-17663		thttpd和mini_httpd 缓冲区错误漏洞
CVE-2018-6758		Unbit uWSGI 缓冲区错误漏洞
CVE-2016-3957		web2py 安全漏洞
CVE-2016-3954		web2py 安全漏洞
CVE-2016-3953		web2py sample Web应用程序

Showing top 20 of 52 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2016-3952

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2016-3952

I. Basic Information for CVE-2016-3952

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2016-3952

III. Intelligence Information for CVE-2016-3952

Same Patch Batch · n/a · 2018-02-06 · 52 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2016-3952

Leave a comment