CVE-2020-25990
CRITICAL
WebsiteBaker - SQL Injection
Title source: rule
Description
WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Exploits (1)
exploitdb
WORKING POC
by Roel van Beurden · text · webapps · php
https://www.exploit-db.com/exploits/48849
Scores
CVSS v3
9.8
EPSS
0.0039
EPSS Percentile
60.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
websitebaker/websitebaker
2.12.2
Published
Oct 01, 2020
Tracked Since
Feb 18, 2026