Product
websitebaker
24 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2021-47788
all versions
WebsiteBaker 2.13.0 contains an authenticated remote code execution vulnerability that allows users with language editing permissi
8.8
HIGH
CVE-2023-53953
all versions
WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scrip
5.4
MEDIUM
CVE-2023-53903
all versions
WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG f
5.4
MEDIUM
CVE-2023-53902
all versions
WebsiteBaker 2.13.3 contains a directory traversal vulnerability that allows authenticated attackers to delete arbitrary files by
6.5
MEDIUM
CVE-2020-25990
all versions
WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/preferences/save.php. Exploiting this
9.8
CRITICAL
CVE-2011-4322
<= 2.8.1
WebsiteBaker prior to and including 2.8.1 has an authentication error in the backup module.
7.5
HIGH
CVE-2011-2934
<= 2.8.1
A Cross Site Request Forgery (CSRF) vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to i
8.8
HIGH
CVE-2011-2933
<= 2.8.1
An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to rest
7.2
HIGH
CVE-2017-16514
all versions
Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities in the files /wb/admin/admintools/tool.php (Droplet Descript
6.1
MEDIUM
CVE-2017-9771
all versions
install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the database_username, database
9.8
CRITICAL
CVE-2017-9361
all versions
WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php.
6.1
MEDIUM
CVE-2017-9360
all versions
WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php.
9.8
CRITICAL
CVE-2017-7410
<= 2.10.0
Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remo
9.8
CRITICAL
CVE-2015-0553
all versions
Cross-site scripting (XSS) vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 SP3 allows remote attackers to inject arb
CVE-2014-9243
all versions
Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or
CVE-2014-9242
all versions
SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL comma
CVE-2011-3817
all versions
Website Baker 2.8.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the
CVE-2011-3385
<= 2.7
Cross-site scripting (XSS) vulnerability in WebsiteBaker before 2.8, as used in LEPTON and possibly other products, allows remote
CVE-2007-0527
<= 2.6.5
SQL injection vulnerability in the is_remembered function in class.login.php in Website Baker 2.6.5 and earlier allows remote atta
CVE-2006-2307
all versions
Cross-site scripting (XSS) vulnerability in Website Baker CMS before 2.6.4 allows remote attackers to inject arbitrary web script
CVE-2005-4140
all versions
SQL injection vulnerability in admin/login/index.php in Website Baker 2.6.0 allows remote attackers to execute arbitrary SQL comma
CVE-2005-2437
all versions
Website Baker Project does not properly verify the file extensions of uploaded files, which allows remote attackers to upload and
CVE-2005-2436
all versions
browse.php in Website Baker Project allows remote attackers to obtain sensitive data via (1) a directory that does not exist in th
CVE-2005-2435
all versions
Cross-site scripting (XSS) vulnerability in browse.php in Website Baker Project allows remote attackers to inject arbitrary web sc
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin