Vulnerabilities > CVE-2005-4140 - SQL Injection vulnerability in Website Baker 2.5.2/2.6
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
SQL injection vulnerability in admin/login/index.php in Website Baker 2.6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter, as used by the user field.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | Website Baker <= 2.6.0 Login Bypass / Remote Code Execution Exploit. CVE-2005-4140. Webapps exploit for php platform |
| id | EDB-ID:1363 |
| last seen | 2016-01-31 |
| modified | 2005-12-08 |
| published | 2005-12-08 |
| reporter | rgod |
| source | https://www.exploit-db.com/download/1363/ |
| title | Website Baker <= 2.6.0 Login Bypass / Remote Code Execution Exploit |
Nessus
| NASL family | CGI abuses |
| NASL id | WEBSITEBAKER_ADMIN_LOGIN_SQL_INJECTION.NASL |
| description | The remote host is running Website Baker, a PHP-based content management system. The installed version of Website Baker fails to validate user input to the username parameter of the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 20839 |
| published | 2006-02-02 |
| reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/20839 |
| title | Website Baker Admin Login SQL Injection |
References
- http://archives.neohapsis.com/archives/bugtraq/2005-12/0085.html
- http://rgod.altervista.org/wbaker_260_xpl.html
- http://secunia.com/advisories/17945
- http://securityreason.com/securityalert/244
- http://securitytracker.com/id?1015335
- http://www.osvdb.org/21572
- http://www.securityfocus.com/archive/1/419267/100/0/threaded
- http://www.securityfocus.com/bid/15776
- http://www.vupen.com/english/advisories/2005/2818