PT-2005-4839 · Websitebaker · Websitebaker

Rgod

Published

2005-12-09

Updated

2018-10-19

CVE-2005-4140

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Website Baker version 2.6.0

Description A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the username parameter in the admin/login/index.php file, specifically through the user field.

Recommendations For version 2.6.0, consider restricting access to the admin/login/index.php file until a patch is available, and avoid using the username parameter in the user field to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-4140

Affected Products

Websitebaker

PT-2005-4839 · Websitebaker · Websitebaker

CVE-2005-4140

Related Identifiers

Affected Products

References · 11