!! Warning !!
On Fri, 24 Mar 2017 we got this notification:
Quote:
I have found multiple security vulnerabilities in WebsiteBaker CMS; therefore, I would like to inform you about these security vulnerabilities.
Vulnerability Type: SQL Injection
Risk Level: Critical
[...]
Marek Alakša
Ethical Hacker
Citadelo | Hackers On Your Side!
That SQL Injection vulnerability is present in all WB versions, including 2.10.0. It allows privilege escalation as well as a complete takeover of the whole database, and possibly of the server too.
WebsiteBaker 2.10.0:
*** We strongly recommend replacing the files
/wb/account/signup.php
/wb/account/signup2.php
as soon as possible. ***
Take care: all versions of WB are prone to attacks!!
Whether you secure your system is your own decision!
You can get the new, fixed versions of these files from our repository:
signup2.php (http://project.websitebaker.org/projects/wb-2-10/repository/raw/branches/main/account/signup2.php)
signup.php (http://project.websitebaker.org/projects/wb-2-10/repository/raw/branches/main/account/signup.php)
or the download link below.
Downloads from any other sources are not official WebsiteBaker downloads and should be treated with care. We cannot promise that they work fault-free!
Have fun with WebsiteBaker,
Manuela