Websitebaker: >> Websitebaker >> 2.10.0 Security Vulnerabilities
Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities in the files /wb/admin/admintools/tool.php (Droplet Description) and /install/index.php (Site Title) in WebsiteBaker 2.10.0 allow attackers to insert persistent JavaScript code that gets reflected back to users in multiple areas in the application.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-01-10
install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the database_username, database_host, or database_password parameter.
CVSS Score
9.8
EPSS Score
0.008
Published
2017-06-21
WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-06-02
WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-06-02
Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter.
CVSS Score
9.8
EPSS Score
0.017
Published
2017-04-03