WebsiteBaker Logo
  • *
  • Templates
  • Help
  • Add-ons
  • Download
  • Home
*
Welcome, Guest. Please login or register.

Login with username, password and session length
 

News

WebsiteBaker 2.13.6 is now available!

Will it continue with WB? It goes on! | Geht es mit WB weiter? Es geht weiter!
https://forum.websitebaker.org/index.php/topic,32340.msg226702.html#msg226702

The forum email address board@websitebaker.org is working again
https://forum.websitebaker.org/index.php/topic,32358.0.html

R.I.P Dietmar (luisehahne) and thank you for all your valuable work for WB
https://forum.websitebaker.org/index.php/topic,32355.0.html

* Support WebsiteBaker

Your donations will help to:

  • Pay for our dedicated server
  • Pay for domain registration
  • and much more!

You can donate by clicking on the button below.


  • Home
  • Help
  • Search
  • Login
  • Register

  • WebsiteBaker Community Forum »
  • WebsiteBaker »
  • Security Announcements »
  • Warning: SQL Injection vulnerability
  • Print
Pages: [1]   Go Down

Author Topic: Warning: SQL Injection vulnerability  (Read 134077 times)

Offline DarkViper

  • Forum administrator
  • *****
  • Posts: 3087
  • Gender: Female
Warning: SQL Injection vulnerability
« on: March 25, 2017, 04:04:57 PM »
!! Warning !! on Fri, 24 Mar 2017 we got this notification:
Quote
I have found multiple security vulnerabilities in WebsiteBaker CMS; therefore, I would like to inform you about these security vulnerabilities.
Vulnerability Type: SQL Injection
Risk Level: Critical
[…]
Marek Alakša
Ethical Hacker
Citadelo | Hackers On Your Side!
That SQL Injection vulnerability is present in all WB Versions including 2.10.0.
It allows privilege escalation as well as a complete overtaking of the whole database and the server possibly too.

WebsiteBaker 2.10.0:
*** We strongly recommend to exchange the files
/wb/account/signup.php
/wb/account/signup2.php
as soon as possible. ***

Take care: All of the versions of WB are prone to attacks!! It is your own decision only to get a secure system!
You can get the new, fixed version of this file from our repository.
signup2.php
signup.php
or the download link below.

Downloads from any other sources are not official WebsiteBaker downloads and should be taken carefull. We can not promise a 'fault free' work for!

have fun with WebsiteBaker,

Manuela
« Last Edit: July 10, 2017, 10:55:39 AM by DarkViper »
Logged
Der blaue Planet - er ist nicht unser Eigentum - wir haben ihn nur von unseren Nachkommen geliehen

"We need education to cope with digitalization - and NOT the digitalization of education.!"

Tägliches Stoßgebet: Oh Herr, wirf Hirn vom Himmel !
  • Print
Pages: [1]   Go Up
  • WebsiteBaker Community Forum »
  • WebsiteBaker »
  • Security Announcements »
  • Warning: SQL Injection vulnerability
 

  • SMF 2.0.19 | SMF © 2017, Simple Machines
  • XHTML
  • RSS
  • WAP2