Author Topic: Warning: SQL Injection vulnerability  (Read 1319 times)

Offline DarkViper

« on: March 25, 2017, 04:04:57 PM »
!! Warning !! On Fri, 24 Mar 2017, we got this notification:
Quote
I have found multiple security vulnerabilities in WebsiteBaker CMS; therefore, I would like to inform you about these security vulnerabilities.
Vulnerability Type: SQL Injection
Risk Level: Critical
[…]
Marek Alakša
Ethical Hacker
Citadelo | Hackers On Your Side!

That SQL Injection vulnerability is present in all WB versions including 2.10.0.
It allows privilege escalation as well as a complete takeover of the whole database and possibly the server too.

WebsiteBaker 2.10.0:
*** We strongly recommend replacing the files
/wb/account/signup.php
/wb/account/signup2.php
as soon as possible.
***


Take care: all versions of WB are prone to attacks!! It is solely your own decision to get a secure system!
You can get the new, fixed versions of these files from our repository:
signup2.php
signup.php
or from the download link below.

Downloads from any other sources are not official WebsiteBaker downloads and should be treated with care. We cannot promise that they work 'fault free'!

Have fun with WebsiteBaker,

Manuela
« Last Edit: March 27, 2017, 01:50:43 AM by DarkViper »