Vulnerabilities (CVE)

Filtered by vendor Websitebaker Subscribe

Filtered by product Websitebaker

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 4 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-25990	1 Websitebaker	1 Websitebaker	2020-10-05	7.5 HIGH	9.8 CRITICAL
WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
CVE-2017-7410	1 Websitebaker	1 Websitebaker	2020-07-07	7.5 HIGH	9.8 CRITICAL
Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter.
CVE-2017-9771	1 Websitebaker	1 Websitebaker	2017-11-07	7.5 HIGH	9.8 CRITICAL
install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the database_username, database_host, or database_password parameter.
CVE-2017-9360	1 Websitebaker	1 Websitebaker	2017-06-06	7.5 HIGH	9.8 CRITICAL
WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php.