Websitebaker

16 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

Exploit
  • EPSS 0.11%
  • Published 15.01.2026 23:25:40
  • Last modified 30.01.2026 01:02:28

WebsiteBaker 2.13.0 contains an authenticated remote code execution vulnerability that allows users with language editing permissions to execute arbitrary code. Attackers can exploit the language installation endpoint by manipulating language install...

Exploit
  • EPSS 0.04%
  • Published 19.12.2025 21:15:51
  • Last modified 27.12.2025 17:15:45

WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating web pages. Attackers can craft malicious payloads in page titles that execute arbitrary JavaScript when...

Exploit
  • EPSS 0.88%
  • Published 16.12.2025 17:03:48
  • Last modified 24.12.2025 16:58:04

WebsiteBaker 2.13.3 contains a directory traversal vulnerability that allows authenticated attackers to delete arbitrary files by manipulating directory path parameters. Attackers can send crafted GET requests to /admin/media/delete.php with director...

Exploit
  • EPSS 0.04%
  • Published 16.12.2025 17:03:48
  • Last modified 24.12.2025 17:54:34

WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files with script tags that execute when the file is vie...

Exploit
  • EPSS 0.39%
  • Published 01.10.2020 14:15:15
  • Last modified 21.11.2024 05:19:02

WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities i...

  • EPSS 0.25%
  • Published 21.01.2020 15:15:12
  • Last modified 21.11.2024 01:32:14

WebsiteBaker prior to and including 2.8.1 has an authentication error in the backup module.

Exploit
  • EPSS 0.45%
  • Published 14.01.2020 21:15:15
  • Last modified 21.11.2024 01:29:18

An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extensions.

Exploit
  • EPSS 0.15%
  • Published 14.01.2020 21:15:15
  • Last modified 21.11.2024 01:29:18

A Cross Site Request Forgery (CSRF) vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to inadequate confirmation for sensitive transactions.

  • EPSS 0.24%
  • Published 10.01.2018 17:29:01
  • Last modified 21.11.2024 03:16:29

Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities in the files /wb/admin/admintools/tool.php (Droplet Description) and /install/index.php (Site Title) in WebsiteBaker 2.10.0 allow attackers to insert persistent JavaScript code tha...

  • EPSS 0.78%
  • Published 21.06.2017 07:29:00
  • Last modified 20.04.2025 01:37:25

install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the database_username, database_host, or database_password parameter.