Vulnerabilities > Websitebaker > Websitebaker > 2.6.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-21 | CVE-2011-4322 | Missing Authentication for Critical Function vulnerability in Websitebaker websitebaker prior to and including 2.8.1 has an authentication error in backup module. | 7.5 |
| 2020-01-14 | CVE-2011-2934 | Cross-Site Request Forgery (CSRF) vulnerability in Websitebaker A Cross Site Request Forgery (CSRF) vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to inadequate confirmation for sensitive transactions. | 8.8 |
| 2020-01-14 | CVE-2011-2933 | Unrestricted Upload of File with Dangerous Type vulnerability in Websitebaker An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extensions. | 7.2 |
| 2017-04-03 | CVE-2017-7410 | SQL Injection vulnerability in Websitebaker Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter. | 9.8 |