2 matches found
Website Baker Admin Login SQL Injection
The remote host is running Website Baker, a PHP-based content management system. The installed version of Website Baker fails to validate user input to the username parameter of the 'admin/login/index.php' script before using it to generate database queries. An unauthenticated attacker can levera...
CVE-2005-4140
Website Baker 2.6.0 is vulnerable to SQL injection in admin/login/index.php via the username parameter used in user-field queries. The vulnerability can allow an unauthenticated attacker to bypass authentication, disclose sensitive information, modify data, or mount further database attacks. Affe...