WebsiteBaker CVE-2017-7410 Multiple SQL Injection Vulnerabilities

WebsiteBaker is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query.

An attacker can leverage these issues to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

WebsiteBaker 2.10.0 and prior versions are vulnerable.

Information

Bugtraq ID: 97495
Class: Input Validation Error
CVE: CVE-2017-7410

Remote: Yes
Local: No
Published: Mar 25 2017 12:00AM
Credit: Marek Alaksa
Vulnerable: WebsiteBaker WebsiteBaker 2.10
WebsiteBaker WebsiteBaker 2.8.3 SP3
WebsiteBaker WebsiteBaker 2.8.3 SP1
WebsiteBaker WebsiteBaker 2.8.3
WebsiteBaker WebsiteBaker 2.8.2 SP2

Not Vulnerable:

References:

SQL injection vulnerabilities [reported by Marek Alaksa from citadelo] (websitebaker.org)
Warning: SQL Injection vulnerability (websitebaker.org)
WebsiteBaker - Homepage (WebsiteBaker)

Source: www.securityfocus.com

Exploit Collector

Search Exploit

WebsiteBaker CVE-2017-7410 Multiple SQL Injection Vulnerabilities

Information