CVE-2014-9242

WebsiteBaker 2.8.3 - SQL Injection via page_id Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-9242.

AI-analyzed exploit summary This advisory details multiple vulnerabilities in WebsiteBaker 2.8.3, including SQL injection, reflected XSS, and HTTP response splitting. It provides proof-of-concept examples for each vulnerability, demonstrating how they can be exploited.

Description

SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.

Exploits (1)

exploitdb WRITEUP
webappsphp
https://www.exploit-db.com/exploits/35277

This advisory details multiple vulnerabilities in WebsiteBaker 2.8.3, including SQL injection, reflected XSS, and HTTP response splitting. It provides proof-of-concept examples for each vulnerability, demonstrating how they can be exploited.

Classification
Writeup 95%
Attack Type
Sqli | Xss | Other
Complexity
Trivial
Reliability
Reliable
Target: WebsiteBaker <= 2.8.3
No auth needed
Prerequisites: Access to the target application
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Scores

EPSS 0.0208
EPSS Percentile 79.1%

Details

CWE
CWE-89
Status published
Products (1)
websitebaker/websitebaker 2.8.3
Published Dec 03, 2014
Tracked Since Feb 18, 2026