CVE-2020-25990

WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
References
Link Resource
https://websitebaker.org/pages/en/home.php Product Vendor Advisory
https://www.exploit-db.com/exploits/48849 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:websitebaker:websitebaker:2.12.2:*:*:*:*:*:*:*

Information

Published : 2020-10-01 02:15

Updated : 2020-10-05 03:58


NVD link : CVE-2020-25990

Mitre link : CVE-2020-25990

Products Affected
No products.
CWE