Vulnerabilities > Websitebaker > High

DATE CVE VULNERABILITY TITLE RISK
2020-10-01 CVE-2020-25990 SQL Injection vulnerability in Websitebaker 2.12.2
WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/preferences/save.php.
network
low complexity
websitebaker CWE-89
7.5
7.5
2017-06-21 CVE-2017-9771 Code Injection vulnerability in Websitebaker 2.10.0
install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the database_username, database_host, or database_password parameter.
network
low complexity
websitebaker CWE-94
7.5
7.5
2017-06-02 CVE-2017-9360 SQL Injection vulnerability in Websitebaker 2.10.0
WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php.
network
low complexity
websitebaker CWE-89
7.5
7.5
2014-12-03 CVE-2014-9242 SQL Injection vulnerability in Websitebaker 2.8.3
SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
network
low complexity
websitebaker CWE-89
7.5
7.5