
CVE-2020-25990
https://notcve.org/view.php?id=CVE-2020-25990
01 Oct 2020 — WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. • https://websitebaker.org/pages/en/home.php • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2011-4322
https://notcve.org/view.php?id=CVE-2011-4322
21 Jan 2020 — WebsiteBaker prior to and including 2.8.1 has an authentication error in the backup module. • https://www.openwall.com/lists/oss-security/2011/11/21/2 • CWE-306: Missing Authentication for Critical Function

CVE-2011-2933
https://notcve.org/view.php?id=CVE-2011-2933
14 Jan 2020 — An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extensions. • https://www.openwall.com/lists/oss-security/2011/08/19/12 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2011-2934
https://notcve.org/view.php?id=CVE-2011-2934
14 Jan 2020 — A Cross Site Request Forgery (CSRF) vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to inadequate confirmation for sensitive transactions. • https://www.openwall.com/lists/oss-security/2011/08/19/13 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2017-16514
https://notcve.org/view.php?id=CVE-2017-16514
10 Jan 2018 — Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities in the files /wb/admin/admintools/tool.php (Droplet Description) and /install/index.php (Site Title) in WebsiteBaker 2.10.0 allow attackers to insert persistent JavaScript code that gets reflected back to users in multiple areas in the application. • https://gist.github.com/anonymous/13df19c04c7e86c0f5256b91376d593a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-9771
https://notcve.org/view.php?id=CVE-2017-9771
21 Jun 2017 — install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the database_username, database_host, or database_password parameter. • https://github.com/XiaoZhis/ProjectSend/issues/3 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2017-9361
https://notcve.org/view.php?id=CVE-2017-9361
02 Jun 2017 — WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php. • https://jgj212.blogspot.tw/2017/05/a-stored-xss-vulnerability-in.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-9360
https://notcve.org/view.php?id=CVE-2017-9360
02 Jun 2017 — WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php. • https://jgj212.blogspot.tw/2017/05/a-sql-injection-vulnerability-in.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2017-7410
https://notcve.org/view.php?id=CVE-2017-7410
03 Apr 2017 — Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter. • https://github.com/ashangp923/CVE-2017-7410 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2015-0553 – CMS Websitebaker 2.8.3 SP3 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2015-0553
19 Jan 2015 — Cross-site scripting (XSS) vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 SP3 allows remote attackers to inject arbitrary web script or HTML via the page_id parameter. CMS Websitebaker version 2.8.3 SP3 suffers from a reflective cross site scripting vulnerability. • https://packetstorm.news/files/id/130008 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')