WebsiteBaker > Security Announcements

Warning: SQL Injection vulnerability

DarkViper:
!! Warning !! on Fri, 24 Mar 2017 we got this notification:

--- Quote ---
I have found multiple security vulnerabilities in WebsiteBaker CMS; therefore, I would like to inform you about these security vulnerabilities.
Vulnerability Type: SQL Injection
Risk Level: Critical
[…]
Marek Alakša
Ethical Hacker
Citadelo | Hackers On Your Side!
--- End quote ---
That SQL Injection vulnerability is present in all WB Versions including 2.10.0.
It allows privilege escalation as well as a complete takeover of the whole database and possibly the server too.

WebsiteBaker 2.10.0:
*** We strongly recommend exchanging the files
/wb/account/signup.php
/wb/account/signup2.php
as soon as possible. ***

Take care: All of the versions of WB are prone to attacks!! It is your own decision only to get a secure system!
You can get the new, fixed versions of these files from our repository.
signup2.php
signup.php
or the download link below.

Downloads from any other sources are not official WebsiteBaker downloads and should be handled carefully. We cannot promise that they work 'fault free'!

Have fun with WebsiteBaker,

Manuela
