171 matches found
CVE-2015-0553
Affects WebsiteBaker 2.8.3 SP3: admin/pages/modify.php exposes a reflecting XSS via the page_id parameter. Impact is script execution in the context of the user’s browser. No remediation details are provided in the connected documents; CVSSv2 base score is 4.3 (Medium). Exploitation details appea...
WebsiteBaker 'modify.php' Cross-Site Scripting Vulnerability
WebsiteBaker is an open source PHP web content management system . A cross-site scripting vulnerability exists in WebsiteBaker 'modify.php' because the application fails to properly filter user-supplied input. An attacker may be able to exploit this issue to execute arbitrary script code in the...
CMS Websitebaker 2.8.3 SP3 Cross Site Scripting
Advisory: Reflecting XSS vulnerability in CMS Websitebaker v.2.8.3 SP3 Advisory ID: SROEADV-2015-03 Author: Steffen Rösemann Affected Software: CMS Websitebaker v.2.8.3 SP3 Vendor URL: http://www.websitebaker.org/de/home.php Vendor Status: Vendor did not respond CVE-ID: CVE-2015-0553 Tested with:...
CVE-2014-9242
SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the pageid parameter...
Sql injection
SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the pageid parameter...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the 1 QUERYSTRING to wb/admin/admintools/tool.php or 2 sectionid parameter to editmodulefiles.php, 3 news/addpost.php, 4 news/modifygroup.php, 5...
CVE-2014-9242
SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the pageid parameter...
CVE-2014-9243
Multiple cross-site scripting XSS vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the 1 QUERYSTRING to wb/admin/admintools/tool.php or 2 sectionid parameter to editmodulefiles.php, 3 news/addpost.php, 4 news/modifygroup.php, 5...
CVE-2014-9242
CVE-2014-9242: SQL injection in WebsiteBaker 2.8.3 affects the admin/pages/modify.php handler, exploitable via the page_id parameter to allow remote execution of arbitrary SQL commands. This is the only detail provided in the connected documents; no patch/version remediation is stated in these so...
CVE-2014-9243
CVE-2014-9243 affects WebsiteBaker 2.8.3 with multiple XSS vulnerabilities. The issues allow remote attackers to inject arbitrary web script or HTML via: (1) QUERY_STRING to wb/admin/admintools/tool.php, (2) section_id to edit_module_files.php, (3) news/add_post.php, (4) news/modify_group.php, (5...
WebsiteBaker 2.8.3 Multiple Vulnerabilities
WebsiteBaker versions 2.8.3 and below suffers from cross site scripting, HTTP response splitting, and remote SQL injection vulnerabilities. I. VULNERABILITY ------------------------- Multiple Vulnerabilities in WebsiteBaker 2.8.3 II. BACKGROUND ------------------------- WebsiteBaker helps you to...
WebsiteBaker 2.8.3 XSS / SQL Injection / HTTP Response Splitting
============================================= MGC ALERT 2014-004 - Original release date: March 11, 2014 - Last revised: November 18, 2014 - Discovered by: Manuel Garcia Cardenas - Severity: 10/10 CVSS Base Score ============================================= I. VULNERABILITY...
WebsiteBaker 2.8.3 - Multiple Vulnerabilities
WebsiteBaker 2.8.3 - Multiple Vulnerabilities ============================================= MGC ALERT 2014-004 - Original release date: March 11, 2014 - Last revised: November 18, 2014 - Discovered by: Manuel Garcia Cardenas - Severity: 10/10 CVSS Base Score...
WebsiteBaker 2.8.3 - Multiple Vulnerabilities
============================================= MGC ALERT 2014-004 - Original release date: March 11, 2014 - Last revised: November 18, 2014 - Discovered by: Manuel Garcia Cardenas - Severity: 10/10 CVSS Base Score ============================================= I. VULNERABILITY...
websitebaker add-on concert calendar 2.1.4 - Multiple Vulnerabilities
No description provided by source. Advisory: Websitebaker Add-on 'Concert Calendar 2.1.4' XSS & SQLi vulnerability Advisory ID: SSCHADV2013-001 Author: Stefan Schurtz Affected Software: Successfully tested on Concert Calendar 2.1.4 Vendor URL:...
WebSiteBaker 2.8.1 DataBase Backup Disclosure
No description provided by source...
WebsiteBaker 2.8.1 CSRF Proof of Concept
No description provided by source...
kitForm CRM Extension 0.43 (sorter.php, sorter_value param) - SQL Injection
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Happy easter.. Product: phpManufaktur / kitForm Version: = 0.43 2013-11-22 Date: 2014-04-20 Criticality: Medium Exploitable from: Remote Impact: SQL Injection Product URL: https://github.com/phpManufaktur/kitForm 1...
kitForm CRM Extension 0.43 (sorter.php, sorter_value param) - SQL Injection
Exploit for php platform in category web applications -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Happy easter.. Product: phpManufaktur / kitForm Version: query$SQL; 3. Exploit 1. import httplib2, socks, urllib 2. 3. Change these values 4. t...
kitForm CRM Extension 0.43 - sorter.ph?sorter_value SQL Injection
kitForm CRM Extension 0.43 - sorter.ph?sortervalue SQL Injection -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Happy easter.. Product: phpManufaktur / kitForm Version: query$SQL; 3. Exploit 1. import httplib2, socks, urllib 2. 3. Change these values 4. target = "http://fbi.gov" 5. SQLi = "or 1=1...