!! Warning !! On Wed, 24 Feb 2016 we got this notification:
Quote:
Advisory ID: HTB23296
Reference: https://www.htbridge.com/advisory/HTB23296
Product: WebsiteBaker
Vendor: WebsiteBaker Org e.V. ( http://WebsiteBaker.org/ )
Vulnerable Version(s): 2.8.3-SP5 and probably prior
Tested Version: 2.8.3-SP5
Public Disclosure: March 16, 2016
Vulnerability Type: SQL Injection [CWE-89]
Risk Level: Critical
CVSSv3 Base Score: 10 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H]
Discovered and Provided: High-Tech Bridge Security Research Lab
This SQL injection vulnerability is present in all WB versions lower than 2.8.3-SP6. It allows privilege escalation as well as a complete takeover of the whole database and possibly the server too.
*** We strongly recommend upgrading all former installations to the newest 2.8.3+SP7 (http://addon.websitebaker.org/pages/en/browse-add-ons.php?id=0EDA9662) as soon as possible. ***
Right now we are checking for similar vulnerabilities in order to fix them before WB 2.8.3+SP7 reaches a stable state.
Take care: all versions before WB 2.8.3+SP6 are prone to attacks!!
It is your own decision alone to get a secure system! You can get the downloads from our Wiki (http://wiki.websitebaker.org/doku.php/en/downloads) and from the Addon repository (http://addon.websitebaker.org/pages/en/browse-add-ons.php?id=0EDA9662) too.
Downloads from any other sources are not official WebsiteBaker downloads and should be treated with care. We cannot promise that they work fault-free!
Have fun with WebsiteBaker,
Manuela