Websitebaker - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Websitebaker
(Websitebaker)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	11

Date	Id	Summary	Products	Score	Patch	Annotated
2017-04-03	CVE-2017-7410	Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter.	Websitebaker	9.8
2020-01-21	CVE-2011-4322	websitebaker prior to and including 2.8.1 has an authentication error in backup module.	Websitebaker	N/A
2020-01-14	CVE-2011-2933	An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extensions.	Websitebaker	N/A
2020-01-14	CVE-2011-2934	A Cross Site Request Forgery (CSRF) vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to inadequate confirmation for sensitive transactions.	Websitebaker	N/A
2017-06-21	CVE-2017-9771	install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the database_username, database_host, or database_password parameter.	Websitebaker	9.8
2017-06-02	CVE-2017-9361	WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php.	Websitebaker	6.1
2017-06-02	CVE-2017-9360	WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php.	Websitebaker	9.8
2018-01-10	CVE-2017-16514	Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities in the files /wb/admin/admintools/tool.php (Droplet Description) and /install/index.php (Site Title) in WebsiteBaker 2.10.0 allow attackers to insert persistent JavaScript code that gets reflected back to users in multiple areas in the application.	Websitebaker	6.1
2015-01-21	CVE-2015-0553	Cross-site scripting (XSS) vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 SP3 allows remote attackers to inject arbitrary web script or HTML via the page_id parameter.	Websitebaker	N/A
2014-12-03	CVE-2014-9243	Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to wb/admin/admintools/tool.php or (2) section_id parameter to edit_module_files.php, (3) news/add_post.php, (4) news/modify_group.php, (5) news/modify_post.php, or (6) news/modify_settings.php in wb/modules/.	Websitebaker	N/A