CVE-2017-7410

Name of the Vulnerable Software and Affected Versions WebsiteBaker versions 2.10.0 and earlier

Description The issue concerns SQL injection vulnerabilities in certain PHP files. These vulnerabilities allow remote attackers to execute arbitrary SQL commands via the username and display name parameters.

Recommendations For versions 2.10.0 and earlier, update to a version later than 2.10.0 to resolve the issue. As a temporary workaround, consider restricting access to the account/signup.php and account/signup2.php files until a patch is available. Avoid using the username and display name parameters in the affected files until the issue is resolved.