WebsiteBaker Community Forum

WebsiteBaker => Security Announcements => Topic started by: DarkViper on March 25, 2017, 04:04:57 PM

Title: Warning: SQL Injection vulnerability
Post by: DarkViper on March 25, 2017, 04:04:57 PM
!! Warning !! On Fri, 24 Mar 2017 we got this notification:
Quote
I have found multiple security vulnerabilities in WebsiteBaker CMS; therefore, I would like to inform you about these security vulnerabilities.
Vulnerability Type: SQL Injection
Risk Level: Critical
[…]
Marek Alakša
Ethical Hacker
Citadelo | Hackers On Your Side!

That SQL Injection vulnerability is present in all WB versions, including 2.10.0.
It allows privilege escalation as well as a complete takeover of the whole database, and possibly of the server too.

WebsiteBaker 2.10.0:
*** We strongly recommend replacing the files
/wb/account/signup.php
/wb/account/signup2.php
as soon as possible.
***


Take care: All versions of WB are prone to attacks!! It is solely your own decision to secure your system!
You can get the new, fixed version of this file from our repository.
signup2.php (http://project.WebsiteBaker.org/projects/wb-2-10/repository/raw/branches/main/account/signup2.php)
signup.php (http://project.WebsiteBaker.org/projects/wb-2-10/repository/raw/branches/main/account/signup.php)
or the download link below.

Downloads from any other sources are not official WebsiteBaker downloads and should be treated with care. We cannot promise that they work 'fault free'!

Have fun with WebsiteBaker,

Manuela