CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16514
https://notcve.org/view.php?id=CVE-2017-16514
10 Jan 2018 — Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities in the files /wb/admin/admintools/tool.php (Droplet Description) and /install/index.php (Site Title) in WebsiteBaker 2.10.0 allow attackers to insert persistent JavaScript code that gets reflected back to users in multiple areas in the application. Múltiples vulnerabilidades Cross-Site Scripting (XSS) persistente almacenados persistentes en los archivos /wb/admin/admintools/tool.php (Droplet Description) e /install/index.php (Site Title) ... • https://gist.github.com/anonymous/13df19c04c7e86c0f5256b91376d593a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9771
https://notcve.org/view.php?id=CVE-2017-9771
21 Jun 2017 — install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the database_username, database_host, or database_password parameter. install\\save.php en WebsiteBaker v2.10.0 permite que atacantes remotos ejecuten código PHP arbitrario mediante el parámetro database_username. • https://github.com/XiaoZhis/ProjectSend/issues/3 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9361
https://notcve.org/view.php?id=CVE-2017-9361
02 Jun 2017 — WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php. WebsiteBaker tiene Cross-Site Scripting (XXS) en /account/details.php en su versión 2.10.0. • https://jgj212.blogspot.tw/2017/05/a-stored-xss-vulnerability-in.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9360
https://notcve.org/view.php?id=CVE-2017-9360
02 Jun 2017 — WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php. WebsiteBanker tiene una vulnerabilidad de inyección SQL en /account/details.php en su versión 2.10.0. • https://jgj212.blogspot.tw/2017/05/a-sql-injection-vulnerability-in.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-7410
https://notcve.org/view.php?id=CVE-2017-7410
03 Apr 2017 — Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter. Múltiples vulnerabilidades de inyección SQL en account/signup.php y account/signup2.php en WebsiteBaker 2.10.0 y anteriores permiten a atacantes remotos ejecutar comandos SQL arbitrarios a través del nombre de usuario (1), (2) parámetro nombre_de_exposición. • https://github.com/ashangp923/CVE-2017-7410 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •