Websitebaker
Source repositories
CVEs (25)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-0527 | 0.00 | — | 0.01 | Jan 26, 2007 | SQL injection vulnerability in the is_remembered function in class.login.php in Website Baker 2.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the REMEMBER_KEY cookie parameter. NOTE: some of these details are obtained from third party information. | |||
| CVE-2006-2307 | 0.00 | — | 0.01 | May 11, 2006 | Cross-site scripting (XSS) vulnerability in Website Baker CMS before 2.6.4 allows remote attackers to inject arbitrary web script or HTML via a user display name. | |||
| CVE-2005-2437 | 0.00 | — | 0.01 | Aug 3, 2005 | Website Baker Project does not properly verify the file extensions of uploaded files, which allows remote attackers to upload and execute arbitrary PHP code. | |||
| CVE-2005-2436 | 0.00 | — | 0.01 | Aug 3, 2005 | browse.php in Website Baker Project allows remote attackers to obtain sensitive data via (1) a directory that does not exist in the dir parameter or (2) a direct request to certain php files, which reveal the path in an error message. | |||
| CVE-2005-2435 | 0.00 | — | 0.01 | Aug 3, 2005 | Cross-site scripting (XSS) vulnerability in browse.php in Website Baker Project allows remote attackers to inject arbitrary web script or HTML via the dir parameter. |
- CVE-2007-0527Jan 26, 2007risk 0.00cvss —epss 0.01
SQL injection vulnerability in the is_remembered function in class.login.php in Website Baker 2.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the REMEMBER_KEY cookie parameter. NOTE: some of these details are obtained from third party information.
- CVE-2006-2307May 11, 2006risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Website Baker CMS before 2.6.4 allows remote attackers to inject arbitrary web script or HTML via a user display name.
- CVE-2005-2437Aug 3, 2005risk 0.00cvss —epss 0.01
Website Baker Project does not properly verify the file extensions of uploaded files, which allows remote attackers to upload and execute arbitrary PHP code.
- CVE-2005-2436Aug 3, 2005risk 0.00cvss —epss 0.01
browse.php in Website Baker Project allows remote attackers to obtain sensitive data via (1) a directory that does not exist in the dir parameter or (2) a direct request to certain php files, which reveal the path in an error message.
- CVE-2005-2435Aug 3, 2005risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in browse.php in Website Baker Project allows remote attackers to inject arbitrary web script or HTML via the dir parameter.
Page 2 of 2