Vulnerabilities
Vulnerable Software
Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities in the files /wb/admin/admintools/tool.php (Droplet Description) and /install/index.php (Site Title) in WebsiteBaker 2.10.0 allow attackers to insert persistent JavaScript code that gets reflected back to users in multiple areas in the application.
CVSS Score
6.1
EPSS Score
0.006
Published
2018-01-10
install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the database_username, database_host, or database_password parameter.
CVSS Score
9.8
EPSS Score
0.014
Published
2017-06-21
WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php.
CVSS Score
9.8
EPSS Score
0.01
Published
2017-06-02
WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php.
CVSS Score
6.1
EPSS Score
0.006
Published
2017-06-02
Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter.
CVSS Score
9.8
EPSS Score
0.029
Published
2017-04-03


Contact Us

Shodan ® - All rights reserved