← back
CVE-2020-25990

CVE-2020-25990

EPSS 1.7%
WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://websitebaker.org/pages/en/home.phphttps://www.exploit-db.com/exploits/48849