171 matches found
Cross site request forgery (csrf)
A Cross Site Request Forgery CSRF vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to inadequate confirmation for sensitive transactions...
Privilege escalation
An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extensions...
CVE-2011-2933
An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extensions...
CVE-2011-2933
CVE-2011-2933: Affected software is WebsiteBaker 2.8.1 and earlier. The vulnerability is an Arbitrary File Upload in admin/media/upload.php caused by failure to restrict uploaded files with extensions .htaccess, .php4, .php5, and .phtl. Connected sources confirm thisē°. The provided documents do n...
CVE-2011-2934
A Cross Site Request Forgery CSRF vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to inadequate confirmation for sensitive transactions...
CVE-2011-2934
CVE-2011-2934 describes a Cross Site Request Forgery (CSRF) vulnerability in the administrator functions of WebsiteBaker 2.8.1 and earlier, caused by inadequate confirmation for sensitive transactions. The connected records confirm affected software (WebsiteBaker 2.8.1 and earlier) and the root c...
CVE-2017-16514
Multiple persistent stored Cross-Site-Scripting XSS vulnerabilities in the files /wb/admin/admintools/tool.php Droplet Description and /install/index.php Site Title in WebsiteBaker 2.10.0 allow attackers to insert persistent JavaScript code that gets reflected back to users in multiple areas in t...
CVE-2017-16514
Multiple persistent stored Cross-Site-Scripting XSS vulnerabilities in the files /wb/admin/admintools/tool.php Droplet Description and /install/index.php Site Title in WebsiteBaker 2.10.0 allow attackers to insert persistent JavaScript code that gets reflected back to users in multiple areas in t...
Cross site scripting
Multiple persistent stored Cross-Site-Scripting XSS vulnerabilities in the files /wb/admin/admintools/tool.php Droplet Description and /install/index.php Site Title in WebsiteBaker 2.10.0 allow attackers to insert persistent JavaScript code that gets reflected back to users in multiple areas in t...
CVE-2017-16514
Multiple persistent stored Cross-Site-Scripting XSS vulnerabilities in the files /wb/admin/admintools/tool.php Droplet Description and /install/index.php Site Title in WebsiteBaker 2.10.0 allow attackers to insert persistent JavaScript code that gets reflected back to users in multiple areas in t...
CVE-2017-16514
CVE-2017-16514 affects WebsiteBaker 2.10.0, with multiple persistent stored XSS vulnerabilities in the files /wb/admin/admintools/tool.php and /install/index.php. The root cause is persistent JavaScript code being stored and reflected back to users in various areas of the application. Exploitatio...
WebsiteBaker Arbitrary PHP Code Execution Vulnerability
WebsiteBaker is an open source PHP content management system CMS maintained and developed by the WebsiteBaker organization. The system supports WYSIWYG editor, search engine optimization and add-ons. A security vulnerability exists in the install\save.php file in WebsiteBaker version 2.10.0. The...
CVE-2017-9771
install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the databaseusername, databasehost, or databasepassword parameter...
CVE-2017-9771
install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the databaseusername, databasehost, or databasepassword parameter...
Code injection
install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the databaseusername, databasehost, or databasepassword parameter...
CVE-2017-9771
install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the databaseusername, databasehost, or databasepassword parameter...
CVE-2017-9771
Summary: CVE-2017-9771 affects WebsiteBaker v2.10.0, with the vulnerability located in install\save.php. Remote attackers can execute arbitrary PHP code via the parameters database_username, database_host, or database_password. The connected CNVD/NVD entries corroborate this description. No concr...
WebsiteBaker cross-site scripting vulnerability (CNVD-2017-08708)
WebsiteBaker is an open source PHP content management system CMS maintained and developed by the WebsiteBaker organization. The system supports WYSIWYG editor, search engine optimization and add-ons. A cross-site scripting vulnerability exists in the /account/details.php file in WebsiteBaker...
WebsiteBaker SQL Injection Vulnerability (CNVD-2017-08709)
WebsiteBaker is an open source PHP content management system CMS maintained and developed by the WebsiteBaker organization. The system supports WYSIWYG editor, search engine optimization and add-ons. A SQL injection vulnerability exists in the /account/details.php file in WebsiteBaker version...
Cross site scripting
WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php...