WebsiteBaker Community Forum

WebsiteBaker => Security Announcements => Topic started by: DarkViper on February 26, 2016, 11:08:51 AM

Title: Warning: SQL Injection vulnerability
Post by: DarkViper on February 26, 2016, 11:08:51 AM
!! Warning !! On Wed, 24 Feb 2016 we got this notification:
Advisory ID: HTB23296
Reference: (
Product: WebsiteBaker
Vendor: WebsiteBaker Org e.V.
Vulnerable Version(s): 2.8.3-SP5 and probably prior
Tested Version: 2.8.3-SP5
Public Disclosure: March 16, 2016
Vulnerability Type: SQL Injection [CWE-89]
Risk Level: Critical
CVSSv3 Base Score: 10 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H]
Discovered and Provided: High-Tech Bridge Security Research Lab

That SQL Injection vulnerability is present in all WB versions less than 2.8.3-SP6.
It allows privilege escalation as well as a complete takeover of the whole database and possibly the server too.

*** We strongly recommend upgrading all former installations to the newest 2.8.3+SP7 as soon as possible. ***

Right now we are checking for similar vulnerabilities to fix them before WB 2.8.3+SP7 reaches stable state.

Take care: All of the previous versions before WB 2.8.3+SP6 are prone to attacks!! It is your own decision alone to get a secure system!
You can get the downloads from our Wiki and the Addon repository too.

Downloads from any other sources are not official WebsiteBaker downloads and should be treated carefully. We cannot promise that they work 'fault free'!

have fun with WebsiteBaker,