Vulnerabilities > Websitebaker > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-10-01 CVE-2020-25990 SQL Injection vulnerability in Websitebaker 2.12.2
WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/preferences/save.php.
network
low complexity
websitebaker CWE-89
critical
 9.8
9.8
2017-06-21 CVE-2017-9771 Code Injection vulnerability in Websitebaker 2.10.0
install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the database_username, database_host, or database_password parameter.
network
low complexity
websitebaker CWE-94
critical
 9.8
9.8
2017-06-02 CVE-2017-9360 SQL Injection vulnerability in Websitebaker 2.10.0
WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php.
network
low complexity
websitebaker CWE-89
critical
 9.8
9.8
2017-04-03 CVE-2017-7410 SQL Injection vulnerability in Websitebaker
Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter.
network
low complexity
websitebaker CWE-89
critical
 9.8
9.8