Security Advisory

CVE-2020-25990

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-10-01 13:57:54
Last updated 2024-08-04 15:49:06
Assigner mitre
State PUBLISHED

Description

WebsiteBaker 2.12.2 allows SQL Injection via parameter display_name in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.