CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-25990

WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 63.6%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://websitebaker.org/pages/en/home.php
https://www.exploit-db.com/exploits/48849
https://websitebaker.org/pages/en/home.php
https://www.exploit-db.com/exploits/48849

Products affected by CVE-2020-25990

Websitebaker » Websitebaker » Version: 2.12.2

cpe:2.3:a:websitebaker:websitebaker:2.12.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-25990

Products

Pricing

Contact Us