CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2007-0527
https://notcve.org/view.php?id=CVE-2007-0527
26 Jan 2007 — SQL injection vulnerability in the is_remembered function in class.login.php in Website Baker 2.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the REMEMBER_KEY cookie parameter. NOTE: some of these details are obtained from third party information. Una vulnerabilidad de inyección SQL en la función is_remembered en el archivo class.login.php en Website Baker versión 2.6.5 y anteriores permite que los atacantes remotos ejecuten comandos SQL arbitrarios por medio del parámetro co... • http://osvdb.org/32945 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2006-2307
https://notcve.org/view.php?id=CVE-2006-2307
11 May 2006 — Cross-site scripting (XSS) vulnerability in Website Baker CMS before 2.6.4 allows remote attackers to inject arbitrary web script or HTML via a user display name. • http://secunia.com/advisories/20081 •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 2CVE-2005-4140 – Website Baker 2.6.0 - Authentication Bypass / Remote Code Execution
https://notcve.org/view.php?id=CVE-2005-4140
09 Dec 2005 — SQL injection vulnerability in admin/login/index.php in Website Baker 2.6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter, as used by the user field. • https://www.exploit-db.com/exploits/1363 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2005-2435
https://notcve.org/view.php?id=CVE-2005-2435
03 Aug 2005 — Cross-site scripting (XSS) vulnerability in browse.php in Website Baker Project allows remote attackers to inject arbitrary web script or HTML via the dir parameter. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en browse.php en Website Baker Project permite que atacantes remotos inyecten script web arbitrario o HTML mediante el parámetro "dir". • http://marc.info/?l=bugtraq&m=112260471228762&w=2 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2005-2436
https://notcve.org/view.php?id=CVE-2005-2436
03 Aug 2005 — browse.php in Website Baker Project allows remote attackers to obtain sensitive data via (1) a directory that does not exist in the dir parameter or (2) a direct request to certain php files, which reveal the path in an error message. browse.php en Website Baker Project permite que atacantes remotos obtengan información confidencial mediante un directorio que no existe en el parámetro "dir", o una petición directa a ciertos ficheros php (lo que revela el path en un mensaje de error). • http://marc.info/?l=bugtraq&m=112260471228762&w=2 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-2437
https://notcve.org/view.php?id=CVE-2005-2437
03 Aug 2005 — Website Baker Project does not properly verify the file extensions of uploaded files, which allows remote attackers to upload and execute arbitrary PHP code. Website Baker Project no verifica adecuadamente las extensiones de los ficheros subidos, lo que permite que atacantes remotos suban y ejecuten código php arbitrario. • http://marc.info/?l=bugtraq&m=112260471228762&w=2 •