Vulnerabilities > Websitebaker > High

DATE CVE VULNERABILITY TITLE RISK
2020-01-21 CVE-2011-4322 Missing Authentication for Critical Function vulnerability in Websitebaker
websitebaker prior to and including 2.8.1 has an authentication error in backup module.
network
low complexity
websitebaker CWE-306
7.5
7.5
2020-01-14 CVE-2011-2934 Cross-Site Request Forgery (CSRF) vulnerability in Websitebaker
A Cross Site Request Forgery (CSRF) vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to inadequate confirmation for sensitive transactions.
network
low complexity
websitebaker CWE-352
8.8
8.8
2020-01-14 CVE-2011-2933 Unrestricted Upload of File with Dangerous Type vulnerability in Websitebaker
An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extensions.
network
low complexity
websitebaker CWE-434
7.2
7.2