RSS   Vulnerabilities for 'Website baker'   RSS

2011-09-23
 
CVE-2011-3817

CWE-200
 

 
Website Baker 2.8.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/media/parameters.php and certain other files. NOTE: this might overlap CVE-2005-2436.

 
2007-01-25
 
CVE-2007-0527

CWE-89
 

 
SQL injection vulnerability in the is_remembered function in class.login.php in Website Baker 2.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the REMEMBER_KEY cookie parameter. NOTE: some of these details are obtained from third party information.

 

 >>> Vendor: Websitebaker2 2 Products
Website baker
Websitebaker


Copyright 2024, cxsecurity.com

 

Back to Top