Shodan
Vulnerabilities
Vulnerable Software
Websitebaker:  >> Websitebaker  Security Vulnerabilities
CVE-2020-25990
WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
CVSS Score
9.8
EPSS Score
0.005
Published
2020-10-01
CVE-2011-4322
websitebaker prior to and including 2.8.1 has an authentication error in backup module.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-01-21
CVE-2011-2933
An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extensions.
CVSS Score
7.2
EPSS Score
0.005
Published
2020-01-14
CVE-2011-2934
A Cross Site Request Forgery (CSRF) vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to inadequate confirmation for sensitive transactions.
CVSS Score
8.8
EPSS Score
0.001
Published
2020-01-14
CVE-2017-16514
Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities in the files /wb/admin/admintools/tool.php (Droplet Description) and /install/index.php (Site Title) in WebsiteBaker 2.10.0 allow attackers to insert persistent JavaScript code that gets reflected back to users in multiple areas in the application.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-01-10
CVE-2017-9771
install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the database_username, database_host, or database_password parameter.
CVSS Score
9.8
EPSS Score
0.008
Published
2017-06-21
CVE-2017-9360
WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-06-02
CVE-2017-9361
WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-06-02
CVE-2017-7410
Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter.
CVSS Score
9.8
EPSS Score
0.017
Published
2017-04-03
CVE-2015-0553
Cross-site scripting (XSS) vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 SP3 allows remote attackers to inject arbitrary web script or HTML via the page_id parameter.
CVSS Score
4.3
EPSS Score
0.006
Published
2015-01-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved