Lucene search
K

171 matches found

CVE
CVE
added 2015/01/21 3:0 p.m.70 views

CVE-2015-0553

Affects WebsiteBaker 2.8.3 SP3: admin/pages/modify.php exposes a reflecting XSS via the page_id parameter. Impact is script execution in the context of the user’s browser. No remediation details are provided in the connected documents; CVSSv2 base score is 4.3 (Medium). Exploitation details appea...

4.3CVSS5.9AI score0.02018EPSS
Exploits2References6Affected Software1
CNVD
CNVD
added 2015/01/20 12:0 a.m.8 views

WebsiteBaker 'modify.php' Cross-Site Scripting Vulnerability

WebsiteBaker is an open source PHP web content management system . A cross-site scripting vulnerability exists in WebsiteBaker 'modify.php' because the application fails to properly filter user-supplied input. An attacker may be able to exploit this issue to execute arbitrary script code in the...

4.3CVSS6.9AI score0.02018EPSS
Exploits2References1
Packet Storm
Packet Storm
added 2015/01/19 12:0 a.m.55 views

CMS Websitebaker 2.8.3 SP3 Cross Site Scripting

Advisory: Reflecting XSS vulnerability in CMS Websitebaker v.2.8.3 SP3 Advisory ID: SROEADV-2015-03 Author: Steffen Rösemann Affected Software: CMS Websitebaker v.2.8.3 SP3 Vendor URL: http://www.websitebaker.org/de/home.php Vendor Status: Vendor did not respond CVE-ID: CVE-2015-0553 Tested with:...

4.3CVSS0.02018EPSS
Exploits3
NVD
NVD
added 2014/12/03 9:59 p.m.21 views

CVE-2014-9242

SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the pageid parameter...

7.5CVSS8.4AI score0.02082EPSS
Exploits1References2
Prion
Prion
added 2014/12/03 9:59 p.m.10 views

Sql injection

SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the pageid parameter...

7.5CVSS9.1AI score0.02082EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2014/12/03 9:59 p.m.23 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the 1 QUERYSTRING to wb/admin/admintools/tool.php or 2 sectionid parameter to editmodulefiles.php, 3 news/addpost.php, 4 news/modifygroup.php, 5...

4.3CVSS6.1AI score0.0248EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2014/12/03 9:0 p.m.23 views

CVE-2014-9242

SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the pageid parameter...

8.4AI score0.02082EPSS
Exploits1References2
Cvelist
Cvelist
added 2014/12/03 9:0 p.m.31 views

CVE-2014-9243

Multiple cross-site scripting XSS vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the 1 QUERYSTRING to wb/admin/admintools/tool.php or 2 sectionid parameter to editmodulefiles.php, 3 news/addpost.php, 4 news/modifygroup.php, 5...

5.8AI score0.0248EPSS
Exploits1References2
CVE
CVE
added 2014/12/03 9:0 p.m.44 views

CVE-2014-9242

CVE-2014-9242: SQL injection in WebsiteBaker 2.8.3 affects the admin/pages/modify.php handler, exploitable via the page_id parameter to allow remote execution of arbitrary SQL commands. This is the only detail provided in the connected documents; no patch/version remediation is stated in these so...

7.5CVSS8.7AI score0.02082EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2014/12/03 9:0 p.m.55 views

CVE-2014-9243

CVE-2014-9243 affects WebsiteBaker 2.8.3 with multiple XSS vulnerabilities. The issues allow remote attackers to inject arbitrary web script or HTML via: (1) QUERY_STRING to wb/admin/admintools/tool.php, (2) section_id to edit_module_files.php, (3) news/add_post.php, (4) news/modify_group.php, (5...

4.3CVSS5.9AI score0.0248EPSS
Exploits1References2Affected Software1
0day.today
0day.today
added 2014/11/18 12:0 a.m.29 views

WebsiteBaker 2.8.3 Multiple Vulnerabilities

WebsiteBaker versions 2.8.3 and below suffers from cross site scripting, HTTP response splitting, and remote SQL injection vulnerabilities. I. VULNERABILITY ------------------------- Multiple Vulnerabilities in WebsiteBaker 2.8.3 II. BACKGROUND ------------------------- WebsiteBaker helps you to...

8.1AI score
Exploits0
Packet Storm
Packet Storm
added 2014/11/17 12:0 a.m.37 views

WebsiteBaker 2.8.3 XSS / SQL Injection / HTTP Response Splitting

============================================= MGC ALERT 2014-004 - Original release date: March 11, 2014 - Last revised: November 18, 2014 - Discovered by: Manuel Garcia Cardenas - Severity: 10/10 CVSS Base Score ============================================= I. VULNERABILITY...

0.1AI score
Exploits0
exploitpack
exploitpack
added 2014/11/17 12:0 a.m.36 views

WebsiteBaker 2.8.3 - Multiple Vulnerabilities

WebsiteBaker 2.8.3 - Multiple Vulnerabilities ============================================= MGC ALERT 2014-004 - Original release date: March 11, 2014 - Last revised: November 18, 2014 - Discovered by: Manuel Garcia Cardenas - Severity: 10/10 CVSS Base Score...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2014/11/17 12:0 a.m.38 views

WebsiteBaker 2.8.3 - Multiple Vulnerabilities

============================================= MGC ALERT 2014-004 - Original release date: March 11, 2014 - Last revised: November 18, 2014 - Discovered by: Manuel Garcia Cardenas - Severity: 10/10 CVSS Base Score ============================================= I. VULNERABILITY...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.10 views

websitebaker add-on concert calendar 2.1.4 - Multiple Vulnerabilities

No description provided by source. Advisory: Websitebaker Add-on 'Concert Calendar 2.1.4' XSS & SQLi vulnerability Advisory ID: SSCHADV2013-001 Author: Stefan Schurtz Affected Software: Successfully tested on Concert Calendar 2.1.4 Vendor URL:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.12 views

WebSiteBaker 2.8.1 DataBase Backup Disclosure

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

WebsiteBaker 2.8.1 CSRF Proof of Concept

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

kitForm CRM Extension 0.43 (sorter.php, sorter_value param) - SQL Injection

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Happy easter.. Product: phpManufaktur / kitForm Version: = 0.43 2013-11-22 Date: 2014-04-20 Criticality: Medium Exploitable from: Remote Impact: SQL Injection Product URL: https://github.com/phpManufaktur/kitForm 1...

7.1AI score
Exploits0
0day.today
0day.today
added 2014/04/23 12:0 a.m.20 views

kitForm CRM Extension 0.43 (sorter.php, sorter_value param) - SQL Injection

Exploit for php platform in category web applications -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Happy easter.. Product: phpManufaktur / kitForm Version: query$SQL; 3. Exploit 1. import httplib2, socks, urllib 2. 3. Change these values 4. t...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2014/04/22 12:0 a.m.14 views

kitForm CRM Extension 0.43 - sorter.ph?sorter_value SQL Injection

kitForm CRM Extension 0.43 - sorter.ph?sortervalue SQL Injection -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Happy easter.. Product: phpManufaktur / kitForm Version: query$SQL; 3. Exploit 1. import httplib2, socks, urllib 2. 3. Change these values 4. target = "http://fbi.gov" 5. SQLi = "or 1=1...

8.6AI score
Exploits0
Rows per page
Query Builder