CVE-2020-25990
CRITICAL
WebsiteBaker 2.12.2 - SQL Injection via Display Name Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2020-25990. PoCs published by Roel van Beurden.
AI-analyzed exploit summary: This exploit demonstrates an authenticated SQL injection vulnerability in WebsiteBaker 2.12.2 via the 'display_name' parameter in /admin/preferences/save.php. It includes a proof-of-concept payload and instructions for using SQLmap to extract database information.
Description
WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Exploits (1)
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H