Lucene search
K

171 matches found

Prion
Prion
•added 2020/01/14 9:15 p.m.•15 views

Cross site request forgery (csrf)

A Cross Site Request Forgery CSRF vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to inadequate confirmation for sensitive transactions...

6.8CVSS7.1AI score0.00503EPSS
Exploits1References1Affected Software1
Prion
Prion
•added 2020/01/14 9:15 p.m.•18 views

Privilege escalation

An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extensions...

6.5CVSS7AI score0.01112EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
•added 2020/01/14 8:23 p.m.•18 views

CVE-2011-2933

An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extensions...

6.9AI score0.01112EPSS
Exploits1References1
CVE
CVE
•added 2020/01/14 8:23 p.m.•45 views

CVE-2011-2933

CVE-2011-2933: Affected software is WebsiteBaker 2.8.1 and earlier. The vulnerability is an Arbitrary File Upload in admin/media/upload.php caused by failure to restrict uploaded files with extensions .htaccess, .php4, .php5, and .phtl. Connected sources confirm thisēŽ°. The provided documents do n...

7.2CVSS6.8AI score0.01112EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
•added 2020/01/14 8:18 p.m.•22 views

CVE-2011-2934

A Cross Site Request Forgery CSRF vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to inadequate confirmation for sensitive transactions...

8.8AI score0.00503EPSS
Exploits1References1
CVE
CVE
•added 2020/01/14 8:18 p.m.•38 views

CVE-2011-2934

CVE-2011-2934 describes a Cross Site Request Forgery (CSRF) vulnerability in the administrator functions of WebsiteBaker 2.8.1 and earlier, caused by inadequate confirmation for sensitive transactions. The connected records confirm affected software (WebsiteBaker 2.8.1 and earlier) and the root c...

8.8CVSS8.7AI score0.00503EPSS
Exploits1References1Affected Software1
OSV
OSV
•added 2018/01/10 5:29 p.m.•8 views

CVE-2017-16514

Multiple persistent stored Cross-Site-Scripting XSS vulnerabilities in the files /wb/admin/admintools/tool.php Droplet Description and /install/index.php Site Title in WebsiteBaker 2.10.0 allow attackers to insert persistent JavaScript code that gets reflected back to users in multiple areas in t...

6.1CVSS5.8AI score0.00632EPSS
Exploits0References1
NVD
NVD
•added 2018/01/10 5:29 p.m.•15 views

CVE-2017-16514

Multiple persistent stored Cross-Site-Scripting XSS vulnerabilities in the files /wb/admin/admintools/tool.php Droplet Description and /install/index.php Site Title in WebsiteBaker 2.10.0 allow attackers to insert persistent JavaScript code that gets reflected back to users in multiple areas in t...

6.1CVSS6.3AI score0.00632EPSS
Exploits0References1
Prion
Prion
•added 2018/01/10 5:29 p.m.•15 views

Cross site scripting

Multiple persistent stored Cross-Site-Scripting XSS vulnerabilities in the files /wb/admin/admintools/tool.php Droplet Description and /install/index.php Site Title in WebsiteBaker 2.10.0 allow attackers to insert persistent JavaScript code that gets reflected back to users in multiple areas in t...

4.3CVSS6.2AI score0.00632EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
•added 2018/01/10 5:0 p.m.•14 views

CVE-2017-16514

Multiple persistent stored Cross-Site-Scripting XSS vulnerabilities in the files /wb/admin/admintools/tool.php Droplet Description and /install/index.php Site Title in WebsiteBaker 2.10.0 allow attackers to insert persistent JavaScript code that gets reflected back to users in multiple areas in t...

6.3AI score0.00632EPSS
Exploits0References1
CVE
CVE
•added 2018/01/10 5:0 p.m.•44 views

CVE-2017-16514

CVE-2017-16514 affects WebsiteBaker 2.10.0, with multiple persistent stored XSS vulnerabilities in the files /wb/admin/admintools/tool.php and /install/index.php. The root cause is persistent JavaScript code being stored and reflected back to users in various areas of the application. Exploitatio...

6.1CVSS6.2AI score0.00632EPSS
Exploits0References1Affected Software1
CNVD
CNVD
•added 2017/06/22 12:0 a.m.•6 views

WebsiteBaker Arbitrary PHP Code Execution Vulnerability

WebsiteBaker is an open source PHP content management system CMS maintained and developed by the WebsiteBaker organization. The system supports WYSIWYG editor, search engine optimization and add-ons. A security vulnerability exists in the install\save.php file in WebsiteBaker version 2.10.0. The...

9.8CVSS7.7AI score0.01438EPSS
Exploits0References1
NVD
NVD
•added 2017/06/21 7:29 a.m.•16 views

CVE-2017-9771

install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the databaseusername, databasehost, or databasepassword parameter...

9.8CVSS9.8AI score0.01438EPSS
Exploits0References1
OSV
OSV
•added 2017/06/21 7:29 a.m.•7 views

CVE-2017-9771

install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the databaseusername, databasehost, or databasepassword parameter...

9.8CVSS6.1AI score0.01438EPSS
Exploits0References1
Prion
Prion
•added 2017/06/21 7:29 a.m.•13 views

Code injection

install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the databaseusername, databasehost, or databasepassword parameter...

7.5CVSS8.2AI score0.01438EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
•added 2017/06/21 7:0 a.m.•25 views

CVE-2017-9771

install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the databaseusername, databasehost, or databasepassword parameter...

9.8AI score0.01438EPSS
Exploits0References1
CVE
CVE
•added 2017/06/21 7:0 a.m.•44 views

CVE-2017-9771

Summary: CVE-2017-9771 affects WebsiteBaker v2.10.0, with the vulnerability located in install\save.php. Remote attackers can execute arbitrary PHP code via the parameters database_username, database_host, or database_password. The connected CNVD/NVD entries corroborate this description. No concr...

9.8CVSS9.7AI score0.01438EPSS
Exploits0References1Affected Software1
CNVD
CNVD
•added 2017/06/05 12:0 a.m.•5 views

WebsiteBaker cross-site scripting vulnerability (CNVD-2017-08708)

WebsiteBaker is an open source PHP content management system CMS maintained and developed by the WebsiteBaker organization. The system supports WYSIWYG editor, search engine optimization and add-ons. A cross-site scripting vulnerability exists in the /account/details.php file in WebsiteBaker...

6.1CVSS6.2AI score0.00632EPSS
Exploits0References1
CNVD
CNVD
•added 2017/06/05 12:0 a.m.•5 views

WebsiteBaker SQL Injection Vulnerability (CNVD-2017-08709)

WebsiteBaker is an open source PHP content management system CMS maintained and developed by the WebsiteBaker organization. The system supports WYSIWYG editor, search engine optimization and add-ons. A SQL injection vulnerability exists in the /account/details.php file in WebsiteBaker version...

9.8CVSS8.6AI score0.01035EPSS
Exploits0References1
Prion
Prion
•added 2017/06/02 5:29 a.m.•12 views

Cross site scripting

WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php...

4.3CVSS5.9AI score0.00632EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder